FreeBSD Ports: proftpd, proftpd-mysql

Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.

http://secunia.com/advisories/33842/
http://bugs.proftpd.org/show_bug.cgi?id=3173
http://bugs.proftpd.org/show_bug.cgi?id=3124
http://milw0rm.com/exploits/8037
http://www.vuxml.org/freebsd/ca0841ff-1254-11de-a964-0030843d3802.html
Insight
The following packages are affected:

proftpd
proftpd-mysql
proftpd-devel

CVE-2009-0542
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.

CVE-2009-0543
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.