Lucene search
SAINT CorporationSAINT:63FB77B9136D48259E4F0D4CDA35E957HistoryMay 29, 2015 - 12:00 a.m.
ProFTPD mod_copy command execution
2015-05-2900:00:00
SAINT Corporation
www.saintcorporation.com
860
0.973 High
EPSS
Percentile
99.8%
Added: 05/29/2015
CVE: CVE-2015-3306
BID: 74238
OSVDB: 120834
Background
ProFTPD is free FTP Server software for Unix and Linux platforms.
Problem
The mod_copy extension, if enabled in ProFTPD, allows unauthenticated attackers to read and write arbitrary files using the **SITE CPFR** and **SITE CPTO** commands. This can lead to arbitrary command execution if the system also runs a web server supporting PHP.
Resolution
Upgrade to ProFTPD 1.3.5a or 1.3.6rc1 or higher, or install a package update from your Linux vendor.
References
<http://bugs.proftpd.org/show_bug.cgi?id=4169>
Limitations
Exploit works on ProFTPD 1.3.5 and requires the mod_copy module to be enabled.
The target must also run a web server supporting PHP in order for the exploit to succeed.
Platforms
Linux
Related
openvas
openvas
Debian Security Advisory DSA 3263-1 (proftpd-dfsg - security update)
2015-05-19 00:00:00
ProFTPD `mod_copy` Unauthenticated Copying Of Files Via SITE CPFR/CPTO
2015-04-13 00:00:00
Fedora Update for proftpd FEDORA-2015-7164
2015-07-07 00:00:00
debian
debian
[SECURITY] [DSA 3263-1] proftpd-dfsg security update
2015-05-19 21:46:37
[SECURITY] [DSA 3263-1] proftpd-dfsg security update
2015-05-19 21:46:37
prion
prion
Cross site scripting
2015-05-18 15:59:00
Information disclosure
2019-07-19 23:15:00
zdt
zdt
ProFTPd 1.3.5 - (mod_copy) Remote Command Execution Exploit (2)
2021-05-26 00:00:00
ProFTPd 1.3.5 - Remote Command Execution Exploit
2015-04-21 00:00:00
ProFTPD 1.3.5 Mod_Copy Command Execution Exploit
2015-06-10 00:00:00
hackerone
hackerone
Mail.ru: [files.ucs.ru] ProFTPd mod_copy Arbitrary Read/Write
2020-11-02 11:13:12
securityvulns
securityvulns
ProFTPD unauthorized files access
2015-05-05 00:00:00
[slackware-security] proftpd (SSA:2015-111-12)
2015-05-05 00:00:00
nessus
nessus
ProFTPD mod_copy Information Disclosure
2015-06-16 00:00:00
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : proftpd (SSA:2015-111-12)
2015-04-22 00:00:00
Fedora 22 : proftpd-1.3.5-6.fc22 (2015-7164)
2015-05-04 00:00:00
saint
saint
ProFTPD mod_copy command execution
2015-05-29 00:00:00
ProFTPD mod_copy command execution
2015-05-29 00:00:00
ProFTPD mod_copy command execution
2015-05-29 00:00:00
debiancve
debiancve
CVE-2015-3306
2015-05-18 15:59:00
CVE-2019-12815
2019-07-19 23:15:00
packetstorm
packetstorm
ProFTPd 1.3.5 Remote Command Execution
2015-04-21 00:00:00
ProFTPD 1.3.5 Mod_Copy Command Execution
2015-06-10 00:00:00
ProFTPd 1.3.5 File Copy
2015-04-18 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: proftpd-1.3.5-5.fc21
2015-05-10 23:49:44
[SECURITY] Fedora 22 Update: proftpd-1.3.5-6.fc22
2015-05-03 17:25:10
[SECURITY] Fedora 20 Update: proftpd-1.3.4e-3.fc20
2015-05-03 17:25:18
canvas
canvas
Immunity Canvas: PROFTPD_MOD_COPY
2015-05-18 15:59:00
ubuntucve
ubuntucve
CVE-2015-3306
2015-05-18 00:00:00
CVE-2019-12815
2019-07-19 00:00:00
checkpoint_advisories
checkpoint_advisories
ProFTPD mod_copy Unauthenticated Remote File Copying (CVE-2015-3306)
2015-04-29 00:00:00
osv
osv
proftpd-dfsg - security update
2015-05-19 00:00:00
CVE-2019-12815
2019-07-19 23:15:11
cve
cve
CVE-2015-3306
2015-05-18 15:59:00
CVE-2019-12815
2019-07-19 23:15:00
freebsd
freebsd
proftpd -- arbitrary code execution vulnerability with chroot
2015-04-15 00:00:00
slackware
slackware
[slackware-security] proftpd
2015-04-22 01:24:15
exploitdb
exploitdb
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)
2021-05-26 00:00:00
thn
thn
A New 'Arbitrary File Copy' Flaw Affects ProFTPD Powered FTP Servers
2019-07-23 15:47:00