CVE-2010-4652
Publication date 2 February 2011
Last updated 24 July 2024
Ubuntu priority
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
Status
Package | Ubuntu Release | Status |
---|---|---|
proftpd-dfsg | 13.10 saucy |
Fixed 1.3.3d-4
|
13.04 raring |
Fixed 1.3.3d-4
|
|
12.10 quantal |
Fixed 1.3.3d-4
|
|
12.04 LTS precise |
Fixed 1.3.3d-4
|
|
11.10 oneiric |
Fixed 1.3.3d-4
|
|
11.04 natty |
Fixed 1.3.3d-4
|
|
10.10 maverick | Ignored end of life | |
10.04 LTS lucid | Ignored end of life | |
9.10 karmic | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
6.06 LTS dapper | Not in release |