Candidate: CVE-2009-0542
PublicDate: 2009-02-12 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0542
Description:
 SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows
 remote attackers to execute arbitrary SQL commands via a "%" (percent)
 character in the username, which introduces a "'" (single quote) character
 during variable substitution by mod_sql.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_proftpd-dfsg:
upstream_proftpd-dfsg: released (1.3.2)
dapper_proftpd-dfsg: DNE
gutsy_proftpd-dfsg: needed (reached end-of-life)
hardy_proftpd-dfsg: ignored (reached end-of-life)
intrepid_proftpd-dfsg: needed (reached end-of-life)
jaunty_proftpd-dfsg: ignored (reached end-of-life)
karmic_proftpd-dfsg: not-affected (1.3.2-3)
lucid_proftpd-dfsg: not-affected (1.3.2c-1)
maverick_proftpd-dfsg: not-affected (1.3.2c-1)
natty_proftpd-dfsg: not-affected (1.3.2c-1)
oneiric_proftpd-dfsg: not-affected (1.3.2c-1)
devel_proftpd-dfsg: not-affected (1.3.2c-1)