FreeBSD : proftpd -- multiple sql injection vulnerabilities (ca0841ff-1254-11de-a964-0030843d3802)
High Nessus Plugin ID 35941
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Secunia reports:
Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks.
The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in an environment using a multi-byte character encoding.
An error exists in the 'mod_sql' module when processing e.g. user names containing '%' characters. This can be exploited to bypass input sanitation routines and manipulate SQL queries by injecting arbitrary SQL code.
Solution
Update the affected packages.