Summary
This host is running ProFTPD Server and is prone to a remote SQL injection vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary SQL commands and thereby gain access to arbitrary user accounts.
Solution
Upgrade to the latest version, 1.3.2rc3:
http://www.proftpd.org/
Insight
This flaw occurs because the server performs improper input sanitising:
- When a % (percent) character is passed in the username, a single quote (') gets introduced during variable substitution by mod_sql, which eventually allows an SQL injection during login.
- When NLS support is enabled, a flaw in the variable substitution feature of mod_sql_mysql and mod_sql_postgres may allow an attacker to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters.
Affected
ProFTPD Server version 1.3.1 through 1.3.2rc2
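A banner-based check for the affected range above, added here as an example and not part of the advisory or of any scanner plugin; the 220 greetings it parses are constructed samples. It treats a release candidate as older than the final release of the same number, so 1.3.2rc2 is flagged while 1.3.2rc3 and 1.3.2 are not. Distribution packages that backport the fix keep the old version string, and the flaw only matters where mod_sql is in use, so a hit here warrants confirmation rather than being conclusive.

```python
import re
from typing import Optional, Tuple

# Affected range taken from the advisory: 1.3.1 through 1.3.2rc2, fixed in 1.3.2rc3.
FIRST_AFFECTED = "1.3.1"
LAST_AFFECTED = "1.3.2rc2"

# Matches the version token in a ProFTPD greeting such as "220 ProFTPD 1.3.2rc1 Server ...".
BANNER_RE = re.compile(r"ProFTPD\s+(\d+\.\d+\.\d+(?:rc\d+)?)")

# Sentinel placed in the rc slot for a final release so that it sorts after every rcN.
FINAL_RELEASE = 10**6


def version_key(version: str) -> Tuple[int, int, int, int]:
    """Map '1.3.2rc2' -> (1, 3, 2, 2) and '1.3.2' -> (1, 3, 2, FINAL_RELEASE)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised ProFTPD version: {version!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else FINAL_RELEASE)


def is_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range, inclusive."""
    return version_key(FIRST_AFFECTED) <= version_key(version) <= version_key(LAST_AFFECTED)


def version_from_banner(banner: str) -> Optional[str]:
    """Extract the version string from a 220 greeting, or None if the banner hides it."""
    m = BANNER_RE.search(banner)
    return m.group(1) if m else None


def check_banner(banner: str) -> Optional[bool]:
    """None when the banner carries no version, otherwise whether that version is affected."""
    version = version_from_banner(banner)
    return None if version is None else is_affected(version)


# Constructed sample greetings, not captured from real hosts (192.0.2.0/24 is documentation space).
SAMPLE_BANNERS = [
    "220 ProFTPD 1.3.1 Server (ProFTPD Default Installation) [192.0.2.10]",
    "220 ProFTPD 1.3.2rc2 Server (ProFTPD Default Installation) [192.0.2.11]",
    "220 ProFTPD 1.3.2rc3 Server (ProFTPD Default Installation) [192.0.2.12]",
    "220 FTP server ready",  # ServerIdent off: version not disclosed
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{check_banner(banner)!s:>5}  {banner}")
```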
References
Severity
Classification
CVE: CVE-2009-0542, CVE-2009-0543
CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)