From: Eygene Ryabinkin
To: FreeBSD-gnats-submit@freebsd.org
Date: Fri, 6 Mar 2009 22:02:53 +0300 (MSK)
Message-Id: <20090306190253.5247DB8031@phoenix.codelabs.ru>
Subject: ports/132369: [vuxml] ftp/proftpd: document CVE-2009-0542 and CVE-2009-0543 (SQL injections)

>Number: 132369
>Category: ports
>Synopsis: [vuxml] ftp/proftpd: document CVE-2009-0542 and CVE-2009-0543 (SQL injections)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 06 19:10:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-STABLE amd64
>Organization: Code Labs
>Environment:
System: FreeBSD 7.1-STABLE amd64

>Description:
ProFTPD with versions < 1.3.2 and >= 1.3.1 is prone to multiple SQL injection vulnerabilities: [1], [2].

>How-To-Repeat:
See the following links:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0542
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0543

>Fix:
The port is already at 1.3.2, so no upgrade is needed. The following VuXML entry should be evaluated and added:

--- vuln.xml begins here ---
proftpd -- multiple SQL injections
proftpd proftpd-mysql 1.3.1 1.3.2
proftpd-devel 1.3.20080922

Entry for CVE-2009-0542 says:

SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.

Entry for CVE-2009-0543 says:

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in mod_sql_mysql and mod_sql_postgres.

CVE-2009-0542
CVE-2009-0543
http://bugs.proftpd.org/show_bug.cgi?id=3180
http://bugs.proftpd.org/show_bug.cgi?id=3173
2009-03-02
TODAY
--- vuln.xml ends here ---

I am marking the whole -devel line to be vulnerable, because CVE-2009-0542 was resolved in rc3, which is dated November 2008, and CVE-2009-0543 was resolved only in the 1.3.2 release version.

>Release-Note:
>Audit-Trail:
>Unformatted:
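An added example, not part of the original report: a small audit check that tests installed `name-version` strings against the affected ranges listed in the entry above. It assumes the `-devel` bound is inclusive (the range operators did not survive in the archived text) and uses a simplified comparison for dotted numeric versions with optional `_portrevision` and `,portepoch` suffixes; the function names and the package list are constructed for illustration.

```python
import re

# Ranges transcribed from the VuXML text in this report.
# Assumption: the proftpd-devel bound is inclusive ("le").
AFFECTED = [
    ({"proftpd", "proftpd-mysql"}, [("ge", "1.3.1"), ("lt", "1.3.2")]),
    ({"proftpd-devel"}, [("le", "1.3.20080922")]),
]

OPS = {
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
    "ge": lambda a, b: a >= b,
}

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?")


def parse_version(version):
    """Turn 'version[_portrevision][,portepoch]' into a sortable key.

    Simplified: only dotted numeric versions are accepted, which covers the
    versions named in this entry. Epoch sorts first, then the version
    components, then the port revision.
    """
    m = _VERSION_RE.fullmatch(version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    dotted, rev, epoch = m.groups()
    return (int(epoch or 0), tuple(int(p) for p in dotted.split(".")), int(rev or 0))


def is_affected(pkgname):
    """Return True if a 'name-version' string falls inside an affected range."""
    name, _, version = pkgname.rpartition("-")
    for names, bounds in AFFECTED:
        if name in names:
            key = parse_version(version)
            return all(OPS[op](key, parse_version(b)) for op, b in bounds)
    return False


def audit(installed):
    """Return the subset of installed packages that match the entry."""
    return [pkg for pkg in installed if is_affected(pkg)]


if __name__ == "__main__":
    # Constructed package list, not taken from any real host.
    sample = ["proftpd-1.3.1_2", "proftpd-mysql-1.3.2",
              "proftpd-devel-1.3.20080922", "vsftpd-2.0.5"]
    for pkg in audit(sample):
        print(f"{pkg}: affected by CVE-2009-0542 / CVE-2009-0543")
```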