Lucene search
1557 matches found

Saint
added 2015/05/29 12:00 a.m. | 1006 views

ProFTPD mod_copy command execution

Added: 05/29/2015. CVE: CVE-2015-3306. BID: 74238. OSVDB: 120834. Background: ProFTPD is free FTP Server software for Unix and Linux platforms. Problem: The mod_copy extension, if enabled in ProFTPD, allows unauthenticated attackers to read and write arbitrary files using the SITE CPFR and SITE CPTO...

CVSS 10 | AI score 9.1 | EPSS 0.93835
Exploits 21
Tenable Nessus
added 2015/05/21 12:00 a.m. | 52 views

FreeBSD : proftpd -- arbitrary code execution vulnerability with chroot (d0034536-ff24-11e4-a072-d050996490d0)

ProFTPd development team reports: Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by unauthenticated clients. (C) Tenable Network Security, Inc. The descripti...

CVSS 10 | AI score 8 | EPSS 0.93835
Exploits 21 | References 3
Tenable Nessus
added 2015/05/20 12:00 a.m. | 62 views

Debian DSA-3263-1 : proftpd-dfsg - security update

Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

CVSS 10 | AI score 8.3 | EPSS 0.93835
Exploits 21 | References 5
ALT Linux
added 2015/05/20 12:00 a.m. | 32 views

Security fix for the ALT Linux 8 package proftpd version 1.3.5-alt1.gita31d0ab

May 20, 2015 Konstantin Lepikhov 1.3.5-alt1.gita31d0ab - Updated to 1.3.5-a31d0ab GIT fixing following CVEs: + CVE-2013-4359. - Include the fix for Bug 4169 Unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy. - Configuration changes: + enabled pcre support; + enabled memcache...

CVSS 5 | AI score 6.2 | EPSS 0.01402
Exploits 2
Debian
added 2015/05/19 9:46 p.m. | 84 views

[SECURITY] [DSA 3263-1] proftpd-dfsg security update

Debian Security Advisory DSA-3263-1 [email protected] http://www.debian.org/security/ Sebastien Delafond May 19, 2015 http://www.debian.org/security/faq -...

CVSS 10 | AI score 2.8 | EPSS 0.93835
Exploits 21
Debian
added 2015/05/19 9:46 p.m. | 69 views

[SECURITY] [DSA 3263-1] proftpd-dfsg security update

Debian Security Advisory DSA-3263-1 [email protected] http://www.debian.org/security/ Sebastien Delafond May 19, 2015 http://www.debian.org/security/faq -...

CVSS 10 | AI score 9.8 | EPSS 0.93835
Exploits 21
OSV
added 2015/05/19 12:00 a.m. | 33 views

DSA-3263-1 proftpd-dfsg - security update

Bulletin has no description...

CVSS 10 | AI score 8.5 | EPSS 0.93835
Exploits 21
OpenVAS
added 2015/05/19 12:00 a.m. | 59 views

Debian Security Advisory DSA 3263-1 (proftpd-dfsg - security update)

Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code. OpenVAS Vulnerability Test $Id: deb3263.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory...

CVSS 10 | AI score 0.4 | EPSS 0.93835
Exploits 21 | References 1
OSV
added 2015/05/18 3:59 p.m. | 15 views

CVE-2015-3306

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

AI score 9.3
Exploits 0 | References 14
NVD
added 2015/05/18 3:59 p.m. | 35 views

CVE-2015-3306

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

CVSS 10 | AI score 9.4 | EPSS 0.93835
Exploits 21 | References 14
OSV
added 2015/05/18 3:59 p.m. | 6 views

DEBIAN-CVE-2015-3306

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

CVSS 10 | AI score 7.6 | EPSS 0.93835
Exploits 21 | References 1
Prion
added 2015/05/18 3:59 p.m. | 125 views

Cross site scripting

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

CVSS 10 | AI score 7 | EPSS 0.93835
Exploits 21 | References 14 | Affected Software 1
UbuntuCve
added 2015/05/18 3:59 p.m. | 70 views

CVE-2015-3306

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

CVSS 10 | AI score 7.3 | EPSS 0.93835
Exploits 21 | References 3
OSV
added 2015/05/18 3:59 p.m. | 0 views

UBUNTU-CVE-2015-3306

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

CVSS 10 | AI score 7.4 | EPSS 0.93835
Exploits 21 | References 4
canvas
added 2015/05/18 3:59 p.m. | 2430 views

Immunity Canvas: PROFTPD_MOD_COPY

Name| proftpd_mod_copy
---|---
CVE| CVE-2015-3306
Exploit Pack| CANVAS
Description| ProFTPd 1.3.5 Remote File Copy
Notes| CVE Name: CVE-2015-3306 VENDOR: NOTES: This exploit abuses the commands of the mod_copy module in ProFTPd version=1.3.5. The SITE CPFR/CPTO commands can be used by unauthenticate...

CVSS 10 | AI score 8.9 | EPSS 0.93835
Exploits 21
CVE
added 2015/05/18 3:00 p.m. | 2987 views

CVE-2015-3306

CVE-2015-3306 affects ProFTPD before patches for 1.3.5, via the mod_copy module. Unauthenticated attackers can use SITE CPFR/CPTO to copy files anywhere on the server and can read/write arbitrary files, enabling remote code execution and information disclosure. Public exploits and proofs (e.g., e...

CVSS 10 | AI score 9.2 | EPSS 0.93835
Exploits 21 | References 14 | Affected Software 1
Cvelist
added 2015/05/18 3:00 p.m. | 50 views

CVE-2015-3306

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

AI score 9.4 | EPSS 0.93835
Exploits 21 | References 14
Debian CVE
added 2015/05/18 3:00 p.m. | 75 views

CVE-2015-3306

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

CVSS 10 | AI score 8.9 | EPSS 0.93835
Exploits 21
Positive Technologies
added 2015/05/18 12:00 a.m. | 7 views

PT-2015-3383 · Proftpd +2

Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.6b; ProFTPD version 1.3.7rc before 1.3.7rc2. Description: The issue is related to the incorrect handling of overly long commands in the main.c component of the ProFTPD FTP server. This can lead to a remote...

CVSS 10 | AI score 6 | EPSS 0.76465
Exploits 27 | References 77
OpenVAS
added 2015/05/18 12:00 a.m. | 49 views

Debian: Security Advisory (DSA-3263-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 9.6 | EPSS 0.93835
Exploits 21 | References 3