Added: 05/29/2015
CVE: CVE-2015-3306
BID: 74238
OSVDB: 120834
ProFTPD is free FTP Server software for Unix and Linux platforms.
The mod_copy extension, if enabled in ProFTPD, allows unauthenticated attackers to read and write arbitrary files using the **SITE CPFR** and **SITE CPTO** commands. This can lead to arbitrary command execution if the system also runs a web server supporting PHP.
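One way to detect the condition described above from recorded FTP control-channel traffic, added here as an example and not taken from the advisory or from ProFTPD: it flags **SITE CPFR** / **SITE CPTO** sent before the session's 230 login reply and records whether the server accepted the command. The event tuple layout, the function name `find_preauth_copy`, and all sample paths and reply texts are constructed assumptions.

```python
import re

SITE_COPY = re.compile(r"^SITE\s+(CPFR|CPTO)\b\s*(.*)$", re.IGNORECASE)
REPLY = re.compile(r"^(\d{3}) ")  # final reply line only; "230-" continuations are skipped

# Constructed control-channel events: (session, "C" client / "S" server, line).
SAMPLE = [
    ("s1", "C", "SITE CPFR /constructed/src"),
    ("s1", "S", "350 ready for destination name"),
    ("s1", "C", "site cpto /constructed/dst"),
    ("s1", "S", "250 copy successful"),
    ("s2", "C", "USER alice"),
    ("s2", "S", "331 password required"),
    ("s2", "C", "PASS ********"),
    ("s2", "S", "230-welcome banner"),
    ("s2", "S", "230 user logged in"),
    ("s2", "C", "SITE CPFR /home/alice/a.txt"),
    ("s2", "S", "350 ready for destination name"),
    ("s3", "C", "SITE CPFR /constructed/src"),
    ("s3", "S", "530 please login with USER and PASS"),
]

def find_preauth_copy(events):
    """Flag SITE CPFR/CPTO sent before the session's 230 login reply."""
    authed, pending, findings = set(), {}, []
    for sid, direction, line in events:
        line = line.strip()
        if direction == "C":
            m = SITE_COPY.match(line)
            pending.pop(sid, None)           # a new command supersedes the old one
            if m and sid not in authed:
                hit = {"session": sid, "verb": m.group(1).upper(),
                       "path": m.group(2), "accepted": None}
                findings.append(hit)
                pending[sid] = hit
            continue
        r = REPLY.match(line)
        if not r:
            continue
        if r.group(1) == "230":
            authed.add(sid)
        hit = pending.pop(sid, None)
        if hit is not None:                   # 2xx/3xx means the server acted on it
            hit["accepted"] = r.group(1)[0] in "23"
    return findings

if __name__ == "__main__":
    for hit in find_preauth_copy(SAMPLE):
        print(hit)
```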
Upgrade to ProFTPD 1.3.5a or 1.3.6rc1 or higher, or install a package update from your Linux vendor.
<http://bugs.proftpd.org/show_bug.cgi?id=4169>
Exploit works on ProFTPD 1.3.5 and requires the mod_copy module to be enabled.
The target must also run a web server supporting PHP in order for the exploit to succeed.
Linux