CVE-2005-2390

Description

Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.

Affected products

• ProFTPD Project / ProFTPD1.2.0_pre9 – 1.2.0_pre9
• ProFTPD Project / ProFTPD1.2.0_pre10 – 1.2.0_pre10
• ProFTPD Project / ProFTPD1.2.0_rc1 – 1.2.0_rc1
• ProFTPD Project / ProFTPD1.2.0_rc2 – 1.2.0_rc2
• ProFTPD Project / ProFTPD1.2.0_rc3 – 1.2.0_rc3
• ProFTPD Project / ProFTPD1.2.1 – 1.2.1
• ProFTPD Project / ProFTPD1.2.1_final – 1.2.1_final
• ProFTPD Project / ProFTPD1.2.2 – 1.2.2
• ProFTPD Project / ProFTPD1.2.2_rc1 – 1.2.2_rc1
• ProFTPD Project / ProFTPD1.2.2_rc2 – 1.2.2_rc2
• ProFTPD Project / ProFTPD1.2.2_rc3 – 1.2.2_rc3
• ProFTPD Project / ProFTPD1.2.3 – 1.2.3
• ProFTPD Project / ProFTPD1.2.4 – 1.2.4
• ProFTPD Project / ProFTPD1.2.5 – 1.2.5
• ProFTPD Project / ProFTPD1.2.5_rc1 – 1.2.5_rc1
• ProFTPD Project / ProFTPD1.2.5_rc2 – 1.2.5_rc2
• ProFTPD Project / ProFTPD1.2.5_rc3 – 1.2.5_rc3
• ProFTPD Project / ProFTPD1.2.6 – 1.2.6
• ProFTPD Project / ProFTPD1.2.6_rc1 – 1.2.6_rc1
• ProFTPD Project / ProFTPD1.2.6_rc2 – 1.2.6_rc2
• ProFTPD Project / ProFTPD1.2.6_rc3 – 1.2.6_rc3
• ProFTPD Project / ProFTPD1.2.7 – 1.2.7
• ProFTPD Project / ProFTPD1.2.7_rc1 – 1.2.7_rc1
• ProFTPD Project / ProFTPD1.2.7_rc2 – 1.2.7_rc2
• ProFTPD Project / ProFTPD1.2.7_rc3 – 1.2.7_rc3
• ProFTPD Project / ProFTPD1.2.8 – 1.2.8
• ProFTPD Project / ProFTPD1.2.8_rc1 – 1.2.8_rc1
• ProFTPD Project / ProFTPD1.2.8_rc2 – 1.2.8_rc2
• ProFTPD Project / ProFTPD1.2.9 – 1.2.9
• ProFTPD Project / ProFTPD1.2.9_rc1 – 1.2.9_rc1
• ProFTPD Project / ProFTPD1.2.9_rc2 – 1.2.9_rc2
• ProFTPD Project / ProFTPD1.2.9_rc3 – 1.2.9_rc3
• ProFTPD Project / ProFTPD1.2.10 – 1.2.10
• ProFTPD Project / ProFTPD1.2.10_rc1 – 1.2.10_rc1
• ProFTPD Project / ProFTPD1.2.10_rc2 – 1.2.10_rc2
• ProFTPD Project / ProFTPD1.2.10_rc3 – 1.2.10_rc3
• ProFTPD Project / ProFTPD1.3.0_rc1 – 1.3.0_rc1

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=112604373503912&w=2
• MISChttp://www.securityfocus.com/bid/14381
• MISChttp://www.securityfocus.com/bid/14380
• VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-795
• VENDOR_ADVISORYhttp://secunia.com/advisories/16181
• MISChttp://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2