MDVSA-2011:023 -- Mandriva proftpdID: oval:org.secpod.oval:def:301126 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
A vulnerability has been found and corrected in proftpd: Heap-based buffer overflow in the sql_prepare_where function in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |