CVE-2008-4242

Name of the Vulnerable Software and Affected Versions proftpd-ldap (affected versions not specified) proftpd-pgsql (affected versions not specified) proftpd-mysql (affected versions not specified) ProFTPD version 1.3.1

Description The issue concerns multiple vulnerabilities in the proftpd packages of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Additionally, a specific vulnerability in ProFTPD 1.3.1 allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Recommendations For proftpd-ldap, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For proftpd-pgsql, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For proftpd-mysql, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ProFTPD version 1.3.1, consider restricting access to the FTP server to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using long ftp:// URIs in web browsers to prevent CSRF attacks.