CVE-2010-4652
Published 2011-02-02
Priority: P341 · medium · CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 11.34% (95.4th percentile)
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | proftpd-dfsg | < proftpd-dfsg 1.3.3a-6 (bookworm) | proftpd-dfsg 1.3.3a-6 (bookworm) |
| proftpd | proftpd | <= 1.3.3 | — |
| proftpd | proftpd | — | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 · MEDIUM
vendor_debian · 6.8 · MEDIUM
Debian
CVE-2010-4652: proftpd-dfsg - Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c)...
vendor_debian·2010·CVSS 6.8
CVE-2010-4652 [MEDIUM] CVE-2010-4652: proftpd-dfsg - Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c)...
Scope: local
bookworm: resolved (fixed in 1.3.3a-6)
bullseye: resolved (fixed in 1.3.3a-6)
forky: resolved (fixed in 1.3.3a-6)
sid: resolved (fixed in 1.3.3a-6)
trixie: resolved (fixed in 1.3.3a-6)
GHSA
GHSA-m7wr-xc9c-g7x3: Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql
ghsa_unreviewed·2022-05-17
CVE-2010-4652 [MEDIUM] CWE-119 GHSA-m7wr-xc9c-g7x3: Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql
GHSA
GHSA-752v-qjgq-xgm6: Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-4562 [MEDIUM] CWE-200 GHSA-752v-qjgq-xgm6: Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
OSV
CVE-2010-4652: Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql
osv·2011-02-02·CVSS 6.8
CVE-2010-4652 [MEDIUM] CVE-2010-4652: Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-4652 ProFTPD (mod_sql): Heap-based buffer overflow by processing certain usernames, when mod_sql module enabled
bugzilla·2011-01-17·CVSS 6.8
CVE-2010-4652 [MEDIUM] CVE-2010-4652 ProFTPD (mod_sql): Heap-based buffer overflow by processing certain usernames, when mod_sql module enabled
A heap-based buffer overflow flaw was found in the way ProFTPD FTP server
prepared SQL queries for certain usernames, when the mod_sql module was
enabled. A remote, unauthenticated attacker could use this flaw to
cause proftpd daemon to crash or, potentially, to execute arbitrary
code with the privileges of the user running 'proftpd' via a specially-crafted
username, provided in the authentication dialog.
Upstream bug report:
[1] http://bugs.proftpd.org/show_bug.cgi?id=3536
References:
[2] http://www.securityfocus.com/bid/44933
[3] http://phrack.org/issues.html?issue=67&id=7#article
[4] http://bugs.gentoo.org/show_bug.cgi?id=348998
[5] http://proftpd.org/docs/RELEASE_
Bugzilla
CVE-2010-4652 ProFTPD (mod_sql): Heap-based buffer overflow by processing certain usernames, when mod_sql module enabled [fedora-all]
bugzilla·2011-01-17·CVSS 6.8
CVE-2010-4652 [MEDIUM] CVE-2010-4652 ProFTPD (mod_sql): Heap-based buffer overflow by processing certain usernames, when mod_sql module enabled [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=sec
References
http://bugs.proftpd.org/show_bug.cgi?id=3536
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053537.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053540.html
http://phrack.org/issues.html?issue=67&id=7#article
http://proftpd.org/docs/RELEASE_NOTES-1.3.3d
http://www.debian.org/security/2011/dsa-2191
http://www.mandriva.com/security/advisories?name=MDVSA-2011:023
http://www.securityfocus.com/bid/44933
http://www.vupen.com/english/advisories/2011/0248
http://www.vupen.com/english/advisories/2011/0331
https://bugzilla.redhat.com/show_bug.cgi?id=670170
Published: 2011-02-02