Vulnerabilities

CVE-2010-4652

by Fred · 01/02/2011

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.

Date published : 2011-02-01

http://www.securityfocus.com/bid/44933

http://proftpd.org/docs/RELEASE_NOTES-1.3.3d

Similar

Tags: Cybersecurity Alert