Alerta de Segurança Debian

DSA-338-1 proftpd -- injeção SQL

Data do Alerta:

29 Jun 2003

Pacotes Afetados:

proftpd

Vulnerável:

Sim

Referência à base de dados de segurança:

Na base de dados do BugTraq (na SecurityFocus): ID BugTraq 7974.
No dicionário CVE do Mitre: CVE-2003-0500.

Informações adicionais:

runlevel [runlevel@raregazz.org] relatou que o módulo de autenticação PostgreSQL do ProFTPD é vulnerável a um ataque de injeção de código SQL. Esta vulnerabilidade pode ser explorada por atacante remoto não autenticado para executar instruções SQL arbitrárias, expondo potencialmetne as senhas dos outros usuários ou para conectar o ProFTPD como um usuário arbitrário sem fornecer a senha correta.

Na atual distribuição estável (woody) este problema foi corrigido na versão 1.2.4+1.2.5rc1-5woody2.

Na distribuição instável (sid) este problema foi corrigido na versão 1.2.8-8.

Nós recomendamos que você atualize seus pacotes proftpd.

Corrigido em:

Debian GNU/Linux 3.0 (woody)

Fonte:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2.dsc; http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2.tar.gz
Componente independente de arquitetura:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.4+1.2.5rc1-5woody2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_alpha.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_alpha.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_alpha.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_alpha.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_arm.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_arm.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_arm.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_arm.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_i386.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_i386.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_i386.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_i386.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_ia64.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_ia64.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_ia64.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_ia64.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_hppa.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_hppa.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_hppa.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_hppa.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_m68k.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_m68k.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_m68k.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_m68k.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_mips.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_mips.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_mips.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_mips.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_mipsel.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_mipsel.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_mipsel.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_mipsel.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_powerpc.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_powerpc.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_powerpc.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_powerpc.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_s390.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_s390.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_s390.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_s390.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_sparc.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_sparc.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_sparc.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_sparc.deb; http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_sparc.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.

Esta página também está disponível nos seguintes idiomas:

dansk Deutsch English español français Русский (Russkij) svenska

Como configurar o idioma padrão dos documentos

Para relatar um problema com o site web, envie uma mensagem em inglês para debian-www@lists.debian.org ou em português para debian-l10n-portuguese@lists.debian.org. Para outras informações de contato, veja a página de contato do Debian.