Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-0543

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.

Related bugs and status

CVE-2009-0543 (Candidate) is related to these bugs:

Bug #508738: proftpd sql injection

		In	Importance	Status
508738	proftpd sql injection	proftpd-dfsg (Ubuntu)	High	Fix Released
508738	proftpd sql injection	proftpd-dfsg (Ubuntu Jaunty)	High	Fix Released
508738	proftpd sql injection	proftpd-dfsg (Ubuntu Lucid)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009021...
MLIST: [oss-security] 2009021...
CONFIRM: http://bugs.proftpd.or...
MANDRIVA: MDVSA-2009:061
GENTOO: GLSA-200903-27
SECUNIA: 34268
DEBIAN: DSA-1730