The remote host is affected by the vulnerability described in GLSA-200903-27 (ProFTPD: Multiple vulnerabilities)

    The following vulnerabilities were reported:
    Percent characters in the username are not properly handled, which     introduces a single quote character during variable substitution by     mod_sql (CVE-2009-0542).
    Some invalid, encoded multibyte characters are not properly handled in     mod_sql_mysql and mod_sql_postgres when NLS support is enabled     (CVE-2009-0543).
  Impact :

    A remote attacker could send specially crafted requests to the server,     possibly resulting in the execution of arbitrary SQL statements.
  Workaround :

    There is no known workaround at this time.

multiple vulnerabilities has been identified and fixed in proftpd :

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. (CVE-2008-4242)

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a '%' (percent) character in the username, which introduces a ''' (single quote) character during variable substitution by mod_sql.
(CVE-2009-0542)

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. (CVE-2009-0543)

The updated packages have been upgraded to the latest proftpd version (1.3.2) to prevent this.

The security update for proftpd-dfsg in DSA-1727-1 caused a regression with the postgresql backend. This update corrects the flaw. Also it was discovered that the oldstable distribution (etch) is not affected by the security issues. For reference the original advisory follows.

Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2009-0542     Shino discovered that proftpd is prone to a SQL     injection vulnerability via the use of certain     characters in the username.

  - CVE-2009-0543     TJ Saunders discovered that proftpd is prone to a SQL     injection vulnerability due to insufficient escaping     mechanisms, when multybite character encodings are used.

The oldstable distribution (etch) is not affected by these problems.

UnixおよびLinux用の無料のFTPサーバーであるProFTPDが、リモートホストで使用されています。

リモートホストで実行されているProFTPDのバージョンにある変数置換機能が悪用されて、SQLインジェクション攻撃が行われる可能性があります。たとえば、リモートの攻撃者が、パーセント記号の文字（「％」）、一重引用符、およびSQLコードを含む特別に細工されたユーザー名を使用して、認証をバイパスする可能性があります。

遠端主機正在使用 ProFTPD，其為適用於 Unix 和 Linux 的免費 FTP 伺服器。

遠端主機上執行的 ProFTPD 版本具有變數替換功能，攻擊者可濫用此功能來發動 SQL 插入攻擊。例如，遠端攻擊者可使用包含百分號字元 (「％」)、單引號和 SQL 程式碼的特製使用者名稱來繞過驗證。

远程主机正在使用 ProFTPD，一款用于 Unix 和 Linux 的免费 FTP 服务器。

远程主机上运行的 ProFTPD 版本中的变量替换功能可被滥用于执行 SQL 注入攻击。例如，远程攻击者可使用特别构建的用户名（包含百分号（“％”）、单引号和 SQL 代码）绕过身份验证。

The remote host is using ProFTPD, a free FTP server for Unix and Linux.

The variable substitution feature in the version of ProFTPD running on the remote host can be abused to conduct a SQL injection attack. For example, a remote attacker can bypass authentication using a specially crafted username containing a percent sign character ('%'), a single quote, and SQL code.

This update has a large number of changes from previous Fedora packages; the highlights are as follows: - Update to upstream release 1.3.2a - Fix SQL injection vulnerability at login (#485125, CVE-2009-0542) - Fix SELinux compatibility (#498375) - Fix audit logging (#506735) - Fix default configuration (#509251) - Many new loadable modules including mod_ctrls_admin and mod_wrap2 - National Language Support (RFC 2640) - Enable/disable common features in /etc/sysconfig/proftpd

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2009-0542     Shino discovered that proftpd is prone to a SQL     injection vulnerability via the use of certain     characters in the username.

  - CVE-2009-0543     TJ Saunders discovered that proftpd is prone to a SQL     injection vulnerability due to insufficient escaping     mechanisms, when multybite character encodings are used.

Secunia reports :

Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks.

The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in an environment using a multi-byte character encoding.

An error exists in the 'mod_sql' module when processing e.g. user names containing '%' characters. This can be exploited to bypass input sanitation routines and manipulate SQL queries by injecting arbitrary SQL code.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.  The version of ProFTPD running on the remote host allows the percent character, '%', within the username.  This would allow attackers to inject special SQL characters such as a single quote.  An attacker exploiting this flaw would be able to execute arbitrary SQL commands against the database server.

ID	名称	产品	系列	发布时间	最近更新时间	严重程度
35917	GLSA-200903-27 : ProFTPD: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	2009/3/13	2021/1/6	high
37354	Mandriva Linux Security Advisory : proftpd (MDVSA-2009:061)	Nessus	Mandriva Local Security Checks	2009/4/23	2021/1/6	high
35755	Debian DSA-1730-1 : proftpd-dfsg - SQL injection vulnerabilites	Nessus	Debian Local Security Checks	2009/3/3	2021/1/4	high
35690	ProFTPDのユーザー名変数置換のSQLインジェクション	Nessus	FTP	2009/2/17	2018/11/15	high
35690	ProFTPD 使用者名稱變數取代 SQL 插入	Nessus	FTP	2009/2/17	2018/11/15	high
35690	ProFTPD 用户名变量替换 SQL 注入	Nessus	FTP	2009/2/17	2018/11/15	high
35690	ProFTPD Username Variable Substitution SQL Injection	Nessus	FTP	2009/2/17	2018/11/15	high
41609	Fedora 10 : proftpd-1.3.2a-5.fc10 (2009-9386)	Nessus	Fedora Local Security Checks	2009/9/25	2021/1/11	high
35739	Debian DSA-1727-1 : proftpd-dfsg - SQL injection vulnerabilites	Nessus	Debian Local Security Checks	2009/2/26	2021/1/4	high
35941	FreeBSD : proftpd -- multiple sql injection vulnerabilities (ca0841ff-1254-11de-a964-0030843d3802)	Nessus	FreeBSD Local Security Checks	2009/3/17	2021/1/6	high
4930	ProFTPD Username Variable Substitution SQL Injection	Nessus Network Monitor	FTP Servers	2009/2/13	2019/3/6	high

检测

插件搜索

high

high

high

high

high

high

high

high

high

high

high