News

Vulnerability in ProFTPD allows coping files without permission and executing arbitrary code

German researcher Tobias Mädel discovered that, under certain conditions, ProFTPD servers are vulnerable to remote code execution and information disclosure attacks.

The root of the problem lies in the mod_copy module bug, which allows arbitrary files copying. Most often, this module is enabled by default.

“All versions of ProFTPd up to and including 1.3.6 (the problem extends to 1.3.6 only if the compilation date is earlier than 07/17/19) are vulnerable in the mod_copy module“, – reported Tobias Mädel

The bug allows an authenticated user (including an anonymous user) to copy files, even if he does not have permission to write. This behavior is caused by an error in SITE CPFR and SITE CPTO, commands ignore denyall “Limit WRITE”, which allows the user to copy the file to the current folder, even if he does not have such rights.

Medel emphasizes that in order to implement the remote execution of an arbitrary code on practice, must meet at once a number of conditions. So, mod_copy must be enabled, the attacker will need access to the server (anonymous account or authorization), the server must have a file with PHP code, but not using the PHP extension, and so on.

Read also: RIG exploit recruitment operators began to distribute the ERIS coder over the network

According to Shodan statistics, at least 28,000 potentially vulnerable servers with anonymous access and more than a million ProFTPD servers as a whole can be detected on the network.

The vulnerability received the identifier CVE-2019-12815 (Debian, SUSE, Ubuntu) and is associated with the old bug CVE-2015-3306, which allowed an attacker to read and write arbitrary files using SITE CPFR and SITE CPTO.

However, currently the problem remains uncorrected. The fact is that the patch for the problem has already been written and was added retroactively to ProFTPD 1.3.6, but the developers have not yet released a new patched version. Thus, if your package is compiled to 7.17.19, you are vulnerable. In this case, you can either disable mod_copy, or you should take care of downloading and recompiling.

ProFTPd is an open source, cross-platform FTP server that supports most UNIX systems and Windows. It is one of the most popular solutions focused on UNIX platforms, along with Pure-FTPd and vsftpd.
Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Kabatibly.co.in Pop-up Ads

About Kabatibly.co.in Kabatibly.co.in pop-ups can not introduce out of nowhere. If you have clicked some…

16 hours ago

Remove Reditarcet.co.in Pop-up Ads

About Reditarcet.co.in Reditarcet.co.in pop-ups can not introduce out of the blue. If you have clicked…

16 hours ago

Remove Everestpeak.top Pop-up Ads

About Everestpeak.top Everestpeak.top pop-ups can not open out of the blue. If you have actually…

20 hours ago

Remove Firm-jawed.yachts Pop-up Ads

About Firm-jawed.yachts Firm-jawed.yachts pop-ups can not launch out of nowhere. If you have clicked some…

20 hours ago

Remove Anapurnatop.top Pop-up Ads

About Anapurnatop.top Anapurnatop.top pop-ups can not expose out of nowhere. If you have clicked on…

21 hours ago

Remove Boomira.com Pop-up Ads

About Boomira.com Boomira.com pop-ups can not open out of nowhere. If you have clicked on…

21 hours ago