CVSS2: 10 (High)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.972 (High)
EPSS Percentile: 99.8%
Added: 05/29/2015
CVE: CVE-2015-3306
BID: 74238
OSVDB: 120834
ProFTPD is free FTP Server software for Unix and Linux platforms.
The mod_copy extension, if enabled in ProFTPD, allows unauthenticated attackers to read and write arbitrary files using the **SITE CPFR** and **SITE CPTO** commands. This can lead to arbitrary command execution if the system also runs a web server supporting PHP.
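To check whether a server has received these commands from sessions that never logged in, the following added example (not part of the original advisory or of ProFTPD) scans FTP command logs for SITE CPFR and SITE CPTO issued without an authenticated user. It assumes an ExtendedLog written with the LogFormat `%a %u "%r" %s`, where an unauthenticated session is logged with `-` as the user; the function name and the sample log lines are constructed for illustration.

```python
import re

# Assumption: ExtendedLog lines written with LogFormat '%a %u "%r" %s'
# (client IP, authenticated user or "-", full command, reply code).
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<user>\S+) "(?P<cmd>[^"]*)" (?P<code>\d{3}|-)$')
COPY_RE = re.compile(r'^SITE\s+(CPFR|CPTO)\s+(.+)$', re.IGNORECASE)

# Constructed sample log; addresses are documentation ranges, paths are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - "SITE CPFR /example/source.txt" 350
192.0.2.10 - "SITE CPTO /example/dest.txt" 250
198.51.100.7 alice "SITE CPFR /home/alice/a.txt" 350
198.51.100.7 alice "SITE CPTO /home/alice/b.txt" 250
192.0.2.44 - "site cpfr /example/other.txt" 530
192.0.2.44 - "USER anonymous" 331
""".splitlines()

def find_unauthenticated_copies(lines):
    """Return one finding per SITE CPFR/CPTO issued with no logged-in user."""
    pending = {}   # client IP -> source path of its last accepted CPFR
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["user"] != "-":
            continue  # unparsable line, or the session was authenticated
        copy = COPY_RE.match(m["cmd"].strip())
        if not copy:
            continue
        verb, path = copy.group(1).upper(), copy.group(2).strip()
        # Reply codes below 400 mean the server accepted the command.
        accepted = m["code"].isdigit() and int(m["code"]) < 400
        source = None
        if verb == "CPFR" and accepted:
            pending[m["ip"]] = path
        elif verb == "CPTO":
            source = pending.pop(m["ip"], None)
        findings.append({"ip": m["ip"], "verb": verb, "path": path,
                         "source": source, "accepted": accepted})
    return findings

if __name__ == "__main__":
    for f in find_unauthenticated_copies(SAMPLE_LOG):
        state = "ACCEPTED" if f["accepted"] else "rejected"
        origin = f" (from {f['source']})" if f["source"] else ""
        print(f"{f['ip']} {f['verb']} {f['path']}{origin}: {state}")
```

An accepted finding means the server honored the copy command before login and should be upgraded; a rejected one is still worth reviewing as probing activity.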
Upgrade to ProFTPD 1.3.5a or 1.3.6rc1 or higher, or install a package update from your Linux vendor.
<http://bugs.proftpd.org/show_bug.cgi?id=4169>
Exploit works on ProFTPD 1.3.5 and requires the mod_copy module to be enabled.
The target must also run a web server supporting PHP in order for the exploit to succeed.
Linux