Check Point Advisories

Update Protection against ProFTPD Server Username Handling SQL Injection

Check Point Reference: CPAI-2009-057
Date Published: 27 Feb 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA33842
Industry Reference: CVE-2009-0542
Protection Provided by:
Who is Vulnerable? ProFTPD Project ProFTPD 1.3.1 to 1.3.2rc2
Vulnerability Description: A vulnerability was reported in the ProFTPD server, a File Transfer Protocol (FTP) server mainly used in Linux distributions. The flaw is due to improper validation of a user-supplied username string before being used in an SQL query. A remote unauthenticated attacker can trigger this vulnerability by sending a malicious username to the target ProFTPD server and gain the privileges of a legitimate user.
Vulnerability Details: A remote attacker can exploit this vulnerability by specifying an SQL injection string in the username. This will cause the server to perform string transformation and facilitate the execution of arbitrary SQL on the back-end database.
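
Because the untrusted input here is the argument of the FTP USER command, a defender can screen control-channel logs for usernames that fall outside the site's naming policy. The following is an added example, not Check Point's protection logic or ProFTPD code; the allowlist, the 64-character limit and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: legitimate account names use only these characters, 1-64 long.
ALLOWED_CHARS = "A-Za-z0-9._@-"
SAFE_USERNAME = re.compile(rf"[{ALLOWED_CHARS}]{{1,64}}")
DISALLOWED = re.compile(rf"[^{ALLOWED_CHARS}]")

# FTP commands are case-insensitive; the argument follows a space (RFC 959).
USER_CMD = re.compile(r"^\s*USER +(.*)$", re.IGNORECASE)


def extract_username(line):
    """Return the argument of an FTP USER command, or None for other lines."""
    m = USER_CMD.match(line.rstrip("\r\n"))
    return m.group(1) if m else None


def suspicious_characters(username):
    """Return the sorted list of distinct characters outside the allowlist."""
    return sorted(set(DISALLOWED.findall(username)))


def review(lines):
    """Return (line_number, username, reason) for USER commands to alert on."""
    findings = []
    for n, line in enumerate(lines, 1):
        user = extract_username(line)
        if user is None or SAFE_USERNAME.fullmatch(user):
            continue  # not a USER command, or a policy-conformant name
        bad = suspicious_characters(user)
        if bad:
            reason = "characters outside allowlist: " + " ".join(map(repr, bad))
        else:
            reason = "empty or longer than 64 characters"
        findings.append((n, user, reason))
    return findings


# Constructed control-channel lines (not taken from a real capture).
SAMPLE = [
    "USER alice\r\n",
    "PASS ********\r\n",
    "user bob.smith@example.org\r\n",
    "USER carol' -- \r\n",
    "USER " + "a" * 80 + "\r\n",
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Screening of this kind is a detection aid; the fix for the flaw itself is to upgrade past the affected ProFTPD versions listed above.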

Protection Overview
