Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Vulnerability in ProFTPD Powered by FTP servers

 

Systems Affected


All versions of ProFTPd including the latest 1.3.6 version

Threat Level


High


Overview


An Attacker could use this vulnerability to perform arbitrary file copy and which could lead to remote code execution.


Description


According to the advisory the vulnerability resides in the mod_copy module of ProFTPD application. ProFTPD is widely used in popular businesses and websites including SourceForge, Samba, Slackware and comes pre-installed with many Linux distributions like debian. Mod_copy module allow users to copy files and directories from one place to another on a server without having to transfer the data to the client and back.
The vulnerability will allow an authentic user to unauthorizdly copy files on a specific location of the server where the user is not given the permission. This flaw could lead into remote code execution or information disclosure.
It is important to notice that not every FTP server running ProFTPD can be hijacked remotely, since the attacker requires log-in to the respective targeted server or server should have anonymous access enabled.


Impact


  ✦  Execute arbitrary code
  ✦  Take control of the whole system (Apple computer)
  ✦  Data modifications
  ✦  Information Disclosure


Solution/ Workarounds


  ✦  ProFTPD project maintain team did not take any action up to today. Workaround option would be disable mod_copy module in the ProFTPD configuration file.


References


  ✦  https://nvd.nist.gov/vuln/detail/CVE-2019-12815
  ✦  https://thehackernews.com/2019/07/linux-ftp-server-security.html


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.