CVE-2010-4652

Publication date 2 February 2011

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.

Status

No maintained releases are affected by this CVE.

Package        Ubuntu Release     Status
proftpd-dfsg   13.10 saucy        Fixed 1.3.3d-4
proftpd-dfsg   13.04 raring       Fixed 1.3.3d-4
proftpd-dfsg   12.10 quantal      Fixed 1.3.3d-4
proftpd-dfsg   12.04 LTS precise  Fixed 1.3.3d-4
proftpd-dfsg   11.10 oneiric      Fixed 1.3.3d-4
proftpd-dfsg   11.04 natty        Fixed 1.3.3d-4
proftpd-dfsg   10.10 maverick     Ignored end of life
proftpd-dfsg   10.04 LTS lucid    Ignored end of life
proftpd-dfsg   9.10 karmic        Ignored end of life
proftpd-dfsg   8.04 LTS hardy     Ignored end of life
proftpd-dfsg   6.06 LTS dapper    Not in release