ProFTPD: Remote code execution
Background: ProFTPD is an advanced and very configurable FTP server. Description: It was discovered that ProFTPD’s “mod_copy” module does not properly restrict privileges for anonymous users. Impact: A remote attacker, by anonymously uploading a malicious file, could possibly execute arbitrary code...
OPENSUSE-SU-2019:1870-1 Security update for proftpd
This update for proftpd fixes the following issues: Security issues fixed: - CVE-2019-12815: Fixed arbitrary file copy in mod_copy that allowed for remote code execution and information disclosure without authentication (bnc#1142281). This update was imported from the openSUSE:Leap:15.0:Update update...
Security update for proftpd (important)
openSUSE Security Update: Security update for proftpd Announcement ID: openSUSE-SU-2019:1870-1 Rating: important References: 1142281 Cross-References: CVE-2017-7418 CVE-2019-12815 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...
openSUSE Security Update : proftpd (openSUSE-2019-1836)
This update for proftpd fixes the following issues : Security issues fixed : - CVE-2019-12815: Fixed arbitrary file copy in mod_copy that allowed for remote code execution and information disclosure without authentication (bnc#1142281). (C) Tenable Network Security, Inc. The descriptive text and packag...
Debian DLA-1873-1 : proftpd-dfsg security update
Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands. For Debian 8 'Jessie', this problem has been fixed in version 1.3.5e+r1.3.5-2+deb8u3. We recommend that you upgrade your proftpd-dfsg package...
Fedora 30 : proftpd (2019-e9187610c3)
This update addresses an arbitrary file copy vulnerability in mod_copy in ProFTPD, which allowed for remote code execution and information disclosure without authentication due to not honoring constraints. Upstream bug: http://bugs.proftpd.org/show_bug.cgi?id=4372 Note that Tenable Network Security...
Debian DSA-4491-1 : proftpd-dfsg - security update
Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4491...
Fedora 29 : proftpd (2019-82b0f48691)
This update addresses an arbitrary file copy vulnerability in mod_copy in ProFTPD, which allowed for remote code execution and information disclosure without authentication due to not honoring constraints. Upstream bug: http://bugs.proftpd.org/show_bug.cgi?id=4372 Note that Tenable Network Security...
openSUSE: Security Advisory for proftpd (openSUSE-SU-2019:1836-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2019:1836-1 Security update for proftpd
This update for proftpd fixes the following issues: Security issues fixed: - CVE-2019-12815: Fixed arbitrary file copy in mod_copy that allowed for remote code execution and information disclosure without authentication (bnc#1142281)...
Security update for proftpd (important)
openSUSE Security Update: Security update for proftpd Announcement ID: openSUSE-SU-2019:1836-1 Rating: important References: 1142281 Cross-References: CVE-2017-7418 CVE-2019-12815 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that fixes two...
Debian: Security Advisory (DLA-1873-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1873-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u3 CVE ID : CVE-2019-12815 Debian Bug : 932453 Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands. For Debian 8 "Jessie", this problem has...
Debian: Security Advisory (DSA-4491-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4491-1] proftpd-dfsg security update
Debian Security Advisory DSA-4491-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 04, 2019 https://www.debian.org/security/faq -...
DSA-4491-1 proftpd-dfsg - security update
Bulletin has no description...
Fedora Update for proftpd FEDORA-2019-e9187610c3
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for proftpd FEDORA-2019-82b0f48691
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
The vulnerability of the mod_copy module in the ProFTPD FTP server allows a hacker to execute arbitrary code on the target system by sending CPFR and CPTO commands to the ProFTPD server.
The vulnerability of the mod_copy module in the ProFTPD FTP server is related to errors during the checking of read and write access restrictions <Limit READ> and <Limit WRITE>. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system by sending commands CP...
[SECURITY] Fedora 29 Update: proftpd-1.3.6-21.fc29
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...