CVE-2010-4652

critical

Description

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.

References

http://www.vupen.com/english/advisories/2011/0331

http://www.vupen.com/english/advisories/2011/0248

http://www.securityfocus.com/bid/44933

http://www.mandriva.com/security/advisories?name=MDVSA-2011:023

http://www.debian.org/security/2011/dsa-2191

http://proftpd.org/docs/RELEASE_NOTES-1.3.3d

http://phrack.org/issues.html?issue=67&id=7#article

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053540.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053537.html

Details

Source: Mitre, NVD

Published: 2011-02-02

Updated: 2011-03-18

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical