Two vulnerabilities in ProFTPD might allow for SQL injection attacks.
Package | net-ftp/proftpd on all architectures |
---|---|
Affected versions | < 1.3.2 |
Unaffected versions | >= 1.3.2 |
ProFTPD is an advanced and very configurable FTP server.
The following vulnerabilities were reported:
A remote attacker could send specially crafted requests to the server, possibly resulting in the execution of arbitrary SQL statements.
There is no known workaround at this time.
All ProFTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.2"
Release date
March 12, 2009
Latest revision
March 12, 2009: 01
Severity
normal
Exploitable
remote
Bugzilla entries