ProFTPD mod_sql Username SQL Injection Vulnerability

Published: 2009-02-10
Updated: 2009-02-12

Affected systems:
ProFTPD Project ProFTPD 1.3.2
ProFTPD Project ProFTPD 1.3.1
Unaffected systems:
ProFTPD Project ProFTPD 1.3.2 rc3
Description:
BUGTRAQ ID: 33722
CVE(CAN) ID: CVE-2009-0542

ProFTPD is an open-source FTP server.

ProFTPD's SQL authentication module (mod_sql) does not handle the percent character (%) correctly. In mod_sql queries a percent sign introduces a variable, so when mod_sql encounters a percent sign it attempts to substitute the corresponding variable, which alters the username in the underlying query. For example, with the username tj%string.com the %s sequence is replaced by the FTP response status; because no status value exists at that point, the default string "-" is used, and the username ends up as tj-tring.com.
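As an added example (not ProFTPD's or the advisory's code), the following Python script models the ordering problem the paragraph describes: a tiny stand-in for mod_sql's %-variable resolver, a lookup that resolves variables after the username has already been spliced into the query string, and a lookup that resolves them only in the trusted template and passes the username as a bound parameter. The variable table, the in-memory users table and the two account names are constructed for this example; treating every unset variable as "-" is an assumption of the model, not documented ProFTPD behaviour.

```python
import re
import sqlite3

# Constructed stand-in for mod_sql's "%x" variable table. The advisory states
# that the FTP response status (%s) has no value during login and is replaced
# by "-"; treating any other unset variable the same way is an assumption of
# this model, not documented ProFTPD behaviour.
VARIABLES = {"s": None}


def resolve_vars(text):
    """Replace every %x sequence with the variable's value, or "-" if unset."""
    return re.sub(r"%(.)", lambda m: VARIABLES.get(m.group(1)) or "-", text)


def lookup_vulnerable(conn, username):
    """Flawed order of operations: the username is spliced into the query
    first and the whole string is then run through resolve_vars(), so a
    "%s" that happens to sit inside the username is rewritten as well.
    Returns (query actually executed, userid found or None)."""
    spliced = ("SELECT userid FROM users WHERE userid = '"
               + username.replace("'", "''") + "'")
    query = resolve_vars(spliced)
    row = conn.execute(query).fetchone()
    return query, (row[0] if row else None)


def lookup_fixed(conn, username):
    """Safe order of operations: %-variables are resolved only in the trusted
    template, and the username travels as a bound parameter, so nothing it
    contains is ever reinterpreted as a variable or as SQL syntax."""
    template = resolve_vars("SELECT userid FROM users WHERE userid = ?")
    row = conn.execute(template, (username,)).fetchone()
    return row[0] if row else None


def demo_db():
    """In-memory user table with two constructed accounts whose names differ
    only by the %s substitution described in the advisory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO users VALUES (?)",
                     [("tj%string.com",), ("tj-tring.com",)])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    # The vulnerable path silently looks up a different account.
    print(lookup_vulnerable(conn, "tj%string.com"))
    # The fixed path looks up exactly the account that was supplied.
    print(lookup_fixed(conn, "tj%string.com"))
```

The fix is the ordering, not the quoting: doubling single quotes in the vulnerable path does nothing about the percent sign, because variable resolution runs on the finished string and rewrites user-supplied characters alongside the template's own. Resolving variables before the untrusted value is added, and then binding that value as a parameter, keeps the two separate.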

<*Source: TJ Saunders (tj@castaglia.org)
  
  Links: http://marc.info/?l=bugtraq&m=123429913924296&w=2
         http://bugs.proftpd.org/show_bug.cgi?format=multiple&id=3180
         http://bugs.proftpd.org/show_bug.cgi?format=multiple&id=3124
         http://www.debian.org/security/2009/dsa-1730
         http://www.debian.org/security/2009/dsa-1727
*>

Test method:

WARNING

The following programs (methods) may be offensive in nature and are provided for security research and teaching purposes only. Use at your own risk!

http://seclists.org/bugtraq/2009/Feb/0088.html

Recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1727-1) together with the corresponding patches:
DSA-1727-1: New proftpd-dfsg packages fix SQL injection vulnerabilities
Link: http://www.debian.org/security/2009/dsa-1727

Patch downloads:
Source archives:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny1.dsc
Size/MD5 checksum:     1348 bb4118976a78b6eef4356123b4e322da
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny1.diff.gz
Size/MD5 checksum:   102388 7873fdab33c5e044dce721300d496d7e
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1.orig.tar.gz
Size/MD5 checksum:  2662056 da40b14c5b8ec5467505c98b4ee4b7b9

Architecture independent components:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-doc_1.3.1-17lenny1_all.deb
Size/MD5 checksum:  1256300 f0e73bd54793839c802b3c3ce85bb123
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.1-17lenny1_all.deb
Size/MD5 checksum:   194896 cda6edb78e4a5ab9c8a90cfdaeb19b32

AMD64 architecture:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_amd64.deb
Size/MD5 checksum:   744914 4c09f5af5f825f0c068f3dce4a1c7a84
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_amd64.deb
Size/MD5 checksum:   214334 eb8f6f56afda836f85f6d808a6086c6a
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_amd64.deb
Size/MD5 checksum:   203878 8d13ce2c0d2c15eec496d3e014aa1ea3
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_amd64.deb
Size/MD5 checksum:   203902 ce74fcf7e0f082fcf4454120e984a0c3

ARM architecture:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_arm.deb
Size/MD5 checksum:   696884 cab353aa755852b2c07916f234268e39
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_arm.deb
Size/MD5 checksum:   213832 faad0df7dab14fdca108c6370ae3edf0
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_arm.deb
Size/MD5 checksum:   203260 3940f22df22db3ce6a3644a22b68e82b
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_arm.deb
Size/MD5 checksum:   203448 35f6cb99d5f9886d74a8a1e72df36a2d

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_i386.deb
Size/MD5 checksum:   688540 bdcbe2b33ed58bf474824c4639dcfb99
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_i386.deb
Size/MD5 checksum:   212208 bcb4bce6c950fe4fd416fcf9e97b79f6
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_i386.deb
Size/MD5 checksum:   203074 55e8334da716aeb8efe43803c8f71d00
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_i386.deb
Size/MD5 checksum:   203054 189e02b962d043af8bbb0b29ac61e881

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_ia64.deb
Size/MD5 checksum:   980498 6129efd03c600138d89d341dfd2b9641
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_ia64.deb
Size/MD5 checksum:   221974 3aea4ff6d0dd4729a901a21ddfefe18c
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_ia64.deb
Size/MD5 checksum:   207238 2670aca7f909b86c6b567e2a1ac44917
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_ia64.deb
Size/MD5 checksum:   207126 9f52b57603c3d47c354edb2c460e0aa1

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_mips.deb
Size/MD5 checksum:   691342 6d88d7863198638c168ac1de05d5cb49
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_mips.deb
Size/MD5 checksum:   212038 d1e82db5072e2f62f5f84e2daf86f978
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_mips.deb
Size/MD5 checksum:   203104 f59921ea889ce268bdf36d54285ae3ed
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_mips.deb
Size/MD5 checksum:   203032 89a9deeecb78e593cd2499c6b5bdcff1

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_mipsel.deb
Size/MD5 checksum:   688780 041668e9d855af2d5b6c010a783e66bc
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_mipsel.deb
Size/MD5 checksum:   211596 b8c5e6fa91a952ecb304610d42b7819d
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_mipsel.deb
Size/MD5 checksum:   203172 32c0cd6a98215dc943b35354b999041a
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_mipsel.deb
Size/MD5 checksum:   203064 72cad0d3aea5aaef1535294da306f989

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_powerpc.deb
Size/MD5 checksum:   776798 0bdd119672b2ce4a57229f791e4740a5
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_powerpc.deb
Size/MD5 checksum:   218006 e3ca91a5e057086a28ee00d698505171
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_powerpc.deb
Size/MD5 checksum:   205758 75db9214e07ca88a71371731d3b445d7
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_powerpc.deb
Size/MD5 checksum:   205942 c1ae0f701446f8e71b58d51f9cbdd31b

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_s390.deb
Size/MD5 checksum:   739296 3297f0d1b3add5d9b34ffddbfb192c0b
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_s390.deb
Size/MD5 checksum:   214182 2ee7910d17befa48c491e3303f825d6a
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_s390.deb
Size/MD5 checksum:   204150 2c7622b4ba0a1fce7ac5c862be2d7163
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_s390.deb
Size/MD5 checksum:   204266 be2aac143d55ad96c1a705712998947c

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_sparc.deb
Size/MD5 checksum:   701314 7d15073aba40282034905f0b98537fbf
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_sparc.deb
Size/MD5 checksum:   213518 a5ae26d4877378b69350a780d91a20f9
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_sparc.deb
Size/MD5 checksum:   203274 ac2e2659e6865eefc9b92be8d74f75b9
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_sparc.deb
Size/MD5 checksum:   203550 83e40d59d94f86ddd761f5c93df0e945

Patch installation:

1. Install the patch package manually:

  First, download the patch package with:
  # wget url  (url is the patch download link)

  Then install it with:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch package automatically with apt-get:

   First, refresh the local package database:
   # apt-get update

   Then install the updated packages:
   # apt-get upgrade
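The manual procedure above downloads a package and installs it, but the advisory also publishes a size and MD5 checksum for every file, and those are what let an operator confirm the download is the one Debian published before running dpkg. As an added example (not Debian's or NSFOCUS's tooling), the following Python script parses the advisory's "URL / Size/MD5 checksum" listing format, verifies a downloaded file against its entry, and only then calls dpkg -i. The two listing lines are copied from the i386 section of this page; the self-check at the end uses a constructed five-byte file whose MD5 is known, so it runs offline.

```python
import hashlib
import os
import re
import subprocess
import tempfile

# Two entries copied from the advisory's download list (the URLs and
# checksums are the page's own; the pairing format is what gets parsed).
LISTING = """\
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_i386.deb
Size/MD5 checksum:   688540 bdcbe2b33ed58bf474824c4639dcfb99
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_i386.deb
Size/MD5 checksum:   203074 55e8334da716aeb8efe43803c8f71d00
"""

CHECKSUM_RE = re.compile(r"^Size/MD5 checksum:\s+(\d+)\s+([0-9a-f]{32})$")


def parse_listing(text):
    """Pair each URL line with the Size/MD5 line that follows it.
    Returns {filename: (url, size_in_bytes, md5_hex)}."""
    entries = {}
    url = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("http://", "https://")):
            url = line
            continue
        m = CHECKSUM_RE.match(line)
        if m and url:
            entries[url.rsplit("/", 1)[1]] = (url, int(m.group(1)), m.group(2))
            url = None
    return entries


def verify_file(path, size, md5):
    """True only if both the byte length and the MD5 digest match the entry."""
    if os.path.getsize(path) != size:
        return False
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest() == md5


def install_if_verified(path, entries):
    """Run dpkg -i only when the file matches its advisory entry; raise otherwise."""
    name = os.path.basename(path)
    if name not in entries:
        raise ValueError(f"{name} is not in the advisory listing")
    _, size, md5 = entries[name]
    if not verify_file(path, size, md5):
        raise ValueError(f"{name} failed size/MD5 verification; not installing")
    subprocess.run(["dpkg", "-i", path], check=True)


def self_check():
    """Constructed offline check: a five-byte file (b"hello") whose MD5 is
    5d41402abc4b2a76b9719d911017c592. Returns (match, bad_md5, bad_size)."""
    good = "5d41402abc4b2a76b9719d911017c592"
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"hello")
        path = f.name
    try:
        return (verify_file(path, 5, good),
                verify_file(path, 5, "0" * 32),
                verify_file(path, 4, good))
    finally:
        os.unlink(path)


if __name__ == "__main__":
    entries = parse_listing(LISTING)
    for name, (url, size, md5) in entries.items():
        print(f"{name}: {size} bytes, md5 {md5}")
    print(self_check())
    # After "wget <url>" of one of the listed packages, install it with:
    # install_if_verified("proftpd-basic_1.3.1-17lenny1_i386.deb", entries)
```

Checking the size first is cheap and catches truncated downloads before any hashing; the MD5 comparison then confirms the bytes match what the advisory lists. The advisory's use of MD5 dates from 2009: it still detects corruption and accidental mismatches, but the digest alone is not a substitute for verifying the signed Release metadata that apt checks for you in the automatic path.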

ProFTPD Project
---------------
The vendor has released an upgrade patch that fixes this issue; download it from the vendor's home page:

http://www.proftpd.org/

This advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; do not reproduce without permission.