Lucene search

[email protected]NVD:CVE-2010-4652

HistoryFeb 02, 2011 - 1:00 a.m.

CVE-2010-4652

2011-02-0201:00:04

CWE-119

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.256 Low

EPSS

Percentile

96.7%

JSON

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.

Affected configurations

NVD

Node

proftpdproftpdRange≤1.3.3c

proftpdproftpdMatch1.2.0

proftpdproftpdMatch1.2.0pre10

proftpdproftpdMatch1.2.0pre9

proftpdproftpdMatch1.2.0rc1

proftpdproftpdMatch1.2.0rc2

proftpdproftpdMatch1.2.0rc3

proftpdproftpdMatch1.2.1

proftpdproftpdMatch1.2.2

proftpdproftpdMatch1.2.2rc1

proftpdproftpdMatch1.2.2rc2

proftpdproftpdMatch1.2.2rc3

proftpdproftpdMatch1.2.3

proftpdproftpdMatch1.2.4

proftpdproftpdMatch1.2.5

proftpdproftpdMatch1.2.5rc1

proftpdproftpdMatch1.2.5rc2

proftpdproftpdMatch1.2.5rc3

proftpdproftpdMatch1.2.6

proftpdproftpdMatch1.2.6rc1

proftpdproftpdMatch1.2.6rc2

proftpdproftpdMatch1.2.7

proftpdproftpdMatch1.2.7rc1

proftpdproftpdMatch1.2.7rc2

proftpdproftpdMatch1.2.7rc3

proftpdproftpdMatch1.2.8

proftpdproftpdMatch1.2.8rc1

proftpdproftpdMatch1.2.8rc2

proftpdproftpdMatch1.2.9

proftpdproftpdMatch1.2.9rc1

proftpdproftpdMatch1.2.9rc2

proftpdproftpdMatch1.2.9rc3

proftpdproftpdMatch1.2.10

proftpdproftpdMatch1.2.10rc1

proftpdproftpdMatch1.2.10rc2

proftpdproftpdMatch1.2.10rc3

proftpdproftpdMatch1.3.0

proftpdproftpdMatch1.3.0a

proftpdproftpdMatch1.3.0rc1

proftpdproftpdMatch1.3.0rc2

proftpdproftpdMatch1.3.0rc3

proftpdproftpdMatch1.3.0rc4

proftpdproftpdMatch1.3.0rc5

proftpdproftpdMatch1.3.1

proftpdproftpdMatch1.3.1rc1

proftpdproftpdMatch1.3.1rc2

proftpdproftpdMatch1.3.1rc3

proftpdproftpdMatch1.3.2

proftpdproftpdMatch1.3.2a

proftpdproftpdMatch1.3.2b

proftpdproftpdMatch1.3.2c

proftpdproftpdMatch1.3.2d

proftpdproftpdMatch1.3.2e

proftpdproftpdMatch1.3.2rc1

proftpdproftpdMatch1.3.2rc2

proftpdproftpdMatch1.3.2rc3

proftpdproftpdMatch1.3.2rc4

proftpdproftpdMatch1.3.3

proftpdproftpdMatch1.3.3a

proftpdproftpdMatch1.3.3b

proftpdproftpdMatch1.3.3rc1

proftpdproftpdMatch1.3.3rc2

proftpdproftpdMatch1.3.3rc3

proftpdproftpdMatch1.3.3rc4

References

bugs.proftpd.org/show_bug.cgi?id=3536

lists.fedoraproject.org/pipermail/package-announce/2011-January/053537.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/053540.html

phrack.org/issues.html?issue=67&id=7#article

proftpd.org/docs/RELEASE_NOTES-1.3.3d

www.debian.org/security/2011/dsa-2191

www.mandriva.com/security/advisories?name=MDVSA-2011:023

www.securityfocus.com/bid/44933

www.vupen.com/english/advisories/2011/0248

www.vupen.com/english/advisories/2011/0331

bugzilla.redhat.com/show_bug.cgi?id=670170

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.256 Low

EPSS

Percentile

96.7%

JSON

Related for NVD:CVE-2010-4652

nessus6 ubuntucve1 openvas15 debiancve1 cve2 prion2 cvelist2 nvd1 fedora5 debian1 gentoo1