Lucene search
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-1730.NASLHistoryMar 03, 2009 - 12:00 a.m.
Debian DSA-1730-1 : proftpd-dfsg - SQL injection vulnerabilites
2009-03-0300:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.927 High
EPSS
Percentile
99.0%
The security update for proftpd-dfsg in DSA-1727-1 caused a regression with the postgresql backend. This update corrects the flaw. Also it was discovered that the oldstable distribution (etch) is not affected by the security issues. For reference the original advisory follows.
Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures project identifies the following problems :
-
CVE-2009-0542 Shino discovered that proftpd is prone to a SQL injection vulnerability via the use of certain characters in the username.
-
CVE-2009-0543 TJ Saunders discovered that proftpd is prone to a SQL injection vulnerability due to insufficient escaping mechanisms, when multybite character encodings are used.
The oldstable distribution (etch) is not affected by these problems.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1730. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(35755);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2009-0542", "CVE-2009-0543");
script_bugtraq_id(33722);
script_xref(name:"DSA", value:"1730");
script_name(english:"Debian DSA-1730-1 : proftpd-dfsg - SQL injection vulnerabilites");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"The security update for proftpd-dfsg in DSA-1727-1 caused a regression
with the postgresql backend. This update corrects the flaw. Also it
was discovered that the oldstable distribution (etch) is not affected
by the security issues. For reference the original advisory follows.
Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures
project identifies the following problems :
- CVE-2009-0542
Shino discovered that proftpd is prone to a SQL
injection vulnerability via the use of certain
characters in the username.
- CVE-2009-0543
TJ Saunders discovered that proftpd is prone to a SQL
injection vulnerability due to insufficient escaping
mechanisms, when multybite character encodings are used.
The oldstable distribution (etch) is not affected by these problems."
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2009-0542"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2009-0543"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2009/dsa-1730"
);
script_set_attribute(
attribute:"solution",
value:
"For the stable distribution (lenny), these problems have been fixed in
version 1.3.1-17lenny2."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
script_cwe_id(89);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:proftpd-dfsg");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/03/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/03");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"5.0", prefix:"proftpd", reference:"1.3.1-17lenny2")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-basic", reference:"1.3.1-17lenny2")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-doc", reference:"1.3.1-17lenny2")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-mod-ldap", reference:"1.3.1-17lenny2")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-mod-mysql", reference:"1.3.1-17lenny2")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-mod-pgsql", reference:"1.3.1-17lenny2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | proftpd-dfsg | p-cpe:/a:debian:debian_linux:proftpd-dfsg |
| debian | debian_linux | 5.0 | cpe:/o:debian:debian_linux:5.0 |
Related
openvas
openvas
FreeBSD Ports: proftpd, proftpd-mysql
2009-03-20 00:00:00
Debian: Security Advisory (DSA-1730-1)
2009-03-07 00:00:00
ProFTPD Server SQL Injection Vulnerability
2009-02-20 00:00:00
debian
debian
osv
osv
- SQL injection vulnerabilites
2009-02-26 00:00:00
proftpd-dfsg - SQL injection vulnerabilites
2009-03-02 00:00:00
gentoo
gentoo
ProFTPD: Multiple vulnerabilities
2009-03-12 00:00:00
nessus
nessus
GLSA-200903-27 : ProFTPD: Multiple vulnerabilities
2009-03-13 00:00:00
Debian DSA-1727-1 : proftpd-dfsg - SQL injection vulnerabilites
2009-02-26 00:00:00
freebsd
freebsd
proftpd -- multiple sql injection vulnerabilities
2009-02-06 00:00:00
securityvulns
securityvulns
ProFTPd SQL injection
2009-02-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against ProFTPD Server Username Handling SQL Injection
2009-02-27 00:00:00
Suspicious Characters in FTP User Name (CVE-2009-0542; CVE-2010-2453)
2010-08-18 00:00:00
cve
cve
CVE-2009-0542
2009-02-12 16:30:00
CVE-2009-0543
2009-02-12 16:30:00
prion
prion
Sql injection
2009-02-12 16:30:00
Sql injection
2009-02-12 16:30:00
d2
d2
DSquare Exploit Pack: D2SEC_PROFTPD_MODSQL
2009-02-12 16:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: proftpd-1.3.2a-5.fc10
2009-09-24 05:25:55
debiancve
debiancve
CVE-2009-0542
2009-02-12 16:30:00
CVE-2009-0543
2009-02-12 16:30:00
ubuntucve
ubuntucve
CVE-2009-0542
2009-02-12 00:00:00
CVE-2009-0543
2009-02-12 00:00:00
cvelist
cvelist
CVE-2009-0542
2009-02-12 16:00:00
CVE-2009-0543
2009-02-12 16:00:00
nvd
nvd
CVE-2009-0542
2009-02-12 16:30:00
CVE-2009-0543
2009-02-12 16:30:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.927 High
EPSS
Percentile
99.0%
Related for DEBIAN_DSA-1730.NASL