All errata/sisyphus_loongarch64/ALT-PU-2026-10695-1
ALT-PU-2026-10695-1

Package update proftpd in branch sisyphus_loongarch64

Version1.3.9-alt3.b
Task#0
Published2026-07-07
Max severityHIGH
Severity:

Closed issues (2)

BDU:2026-06340
HIGH8.1

Уязвимость функции sqltab_fetch_clients_cb() FTP-сервера ProFTPD, позволяющая нарушителю выполнить произвольные SQL-команды

Published: 2026-05-05Modified: 2026-05-06
CVSS 3.xHIGH 8.1
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0HIGH 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
CVE-2026-44331
HIGH8.1

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the attacker-supplied hostname is passed unescaped into SQL queries. The character restrictions of DNS names may affect exploitability.

Published: 2026-05-05Modified: 2026-06-17
CVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H