CVE-2010-4652
ProFTPD < 1.3.3d - Heap-Based Buffer Overflow via SQL Username Substitution Tags
Title source: llmDescription
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
References (11)
Core 11
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053540.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053537.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2191
Various Sources x_refsource_confirm
http://proftpd.org/docs/RELEASE_NOTES-1.3.3d
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0248
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:023
Exploit, Patch x_refsource_misc
http://bugs.proftpd.org/show_bug.cgi?id=3536
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=670170
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44933
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0331
Various Sources x_refsource_misc
http://phrack.org/issues.html?issue=67&id=7#article
Scores
EPSS
0.1134
EPSS Percentile
95.5%
Details
CWE
CWE-119
Status
published
Products (14)
proftpd/proftpd
1.2.0 (6 CPE variants)
proftpd/proftpd
1.2.1
proftpd/proftpd
1.2.2 (4 CPE variants)
proftpd/proftpd
1.2.3
proftpd/proftpd
1.2.4
proftpd/proftpd
1.2.5 (4 CPE variants)
proftpd/proftpd
1.2.6 (3 CPE variants)
proftpd/proftpd
1.2.7 (4 CPE variants)
proftpd/proftpd
1.2.8 (3 CPE variants)
proftpd/proftpd
1.2.9 (4 CPE variants)
... and 4 more
Published
Feb 02, 2011
Tracked Since
Feb 18, 2026