German researcher Tobias Mädel descubierto ese, bajo ciertas condiciones, Los servidores ProFTPD son vulnerables a la ejecución remota de código y a los ataques de divulgación de información..
The root of the problem lies in the mod_copy module bug, que permite copiar archivos arbitrarios. Más amenudo, este módulo está habilitado por defecto."Todas las versiones de ProFTPd hasta e incluyendo 1.3.6 (el problema se extiende a 1.3.6 only if the compilation date is earlier than 07/17/19) are vulnerable in the mod_copy module“, – reported Tobias Mädel
The bug allows an authenticated user (including an anonymous user) to copy files, even if he does not have permission to write. This behavior is caused by an error in SITE CPFR y SITE CPTO, commands ignore denyall “Limit WRITE”, which allows the user to copy the file to the current folder, even if he does not have such rights.
Medel emphasizes that in order to implement the remote execution of an arbitrary code on practice, must meet at once a number of conditions. Asi que, mod_copy must be enabled, the attacker will need access to the server (anonymous account or authorization), the server must have a file with PHP code, but not using the PHP extension, y así.
leer también: RIG explotar los operadores de reclutamiento comenzaron a distribuir el codificador ERIS través de la red
According to Shodan statistics, al menos 28,000 potentially vulnerable servers with anonymous access and more than a million ProFTPD servers as a whole can be detected on the network.
La vulnerabilidad recibido el identificador CVE-2019-12815 (Debian, Suse, Ubuntu) and is associated with the old bug CVE-2015-3306, which allowed an attacker to read and write arbitrary files using SITE CPFR and SITE CPTO.
sin embargo, currently the problem remains uncorrected. The fact is that the patch for the problem has already been written and was added retroactively to ProFTPD 1.3.6, but the developers have not yet released a new patched version. Así, if your package is compiled to 7.17.19, you are vulnerable. En este caso, you can either disable mod_copy, or you should take care of downloading and recompiling.
