PT-2015-1244

Name of the Vulnerable Software and Affected Versions ProFTPD version 1.3.5 Description The issue allows remote attackers to read and write to arbitrary files. This is achieved via the site cpfr and site cpto commands, which are part of the mod copy module in the ProFTPD FTP server. Recommendatio...

Fedora Update for proftpd FEDORA-2015-7086

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 21 : proftpd-1.3.5-5.fc21 (2015-7086)

Vadim Melihow reported a critical issue with proftpd installations that use the modcopy module's SITE CPFR/SITE CPTO commands; modcopy allows these commands to be used by unauthenticated clients Upstream report: http://bugs.proftpd.org/showbug.cgi?id=4169 Note that modcopy is not loaded/enabled b...

[SECURITY] Fedora 21 Update: proftpd-1.3.5-5.fc21

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

[slackware-security] proftpd (SSA:2015-111-12)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security proftpd SSA:2015-111-12 New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

ProFTPD unauthorized files access

Unauthorized files copy via modcopy...

Fedora 20 : proftpd-1.3.4e-3.fc20 (2015-6401)

Vadim Melihow reported a critical issue with proftpd installations that use the modcopy module's SITE CPFR/SITE CPTO commands; modcopy allows these commands to be used by unauthenticated clients Upstream report: http://bugs.proftpd.org/showbug.cgi?id=4169 This update contains a backported fix for...

Fedora Update for proftpd FEDORA-2015-6401

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 20 Update: proftpd-1.3.4e-3.fc20

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

[SECURITY] Fedora 22 Update: proftpd-1.3.5-6.fc22

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

ProFTPD mod_copy Unauthenticated Remote File Copying (CVE-2015-3306)

A remote file copying vulnerability exists in ProFTPD. The vulnerability is due to a design weakness within module modcopy. Successful exploitation would result in arbitrary code execution on target system...

ProFTPd (mod_copy) Remote Command Execution Vulnerability

ProFTPD is ProFTPD team of a set of open source FTP server software . The software is highly configurable , secure , stable and so on. A remote command execution vulnerability exists in ProFTPd. An attacker can exploit the vulnerability to execute arbitrary code in the context of an affected...

ProFTPD 1.3.5 Mod_Copy Command Execution

This module exploits the SITE CPFR/CPTO modcopy commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default...

[slackware-security] proftpd

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/proftpd-1.3.4e-i486-1slack14.1.txz: Upgraded. Patched an issue where modcopy allowed unauthenticated copyi...

ProFTPd CPFR / CPTO Proof Of Concept

''' for educational purpouse ONLY! c0ded by daldana. daniel.aldana.moreno at gmail.com please, first read https://github.com/chcx/cpxproftpd/ ''' import sys from ftplib import FTP def mainargv: if lenargv == 4: ip = argv1 src = argv2 dst = argv3 option = 1 elif lenargv == 3: ip = argv1 dst = argv...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : proftpd (SSA:2015-111-12)

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-111-12. The text...

ProFTPd 1.3.5 - mod_copy Remote Command Execution

ProFTPd 1.3.5 - modcopy Remote Command Execution Title: ProFTPd 1.3.5 Remote Command Execution Date : 20/04/2015 Author: R-73eN Software: ProFTPd 1.3.5 with modcopy Tested : Kali Linux 1.06 CVE : 2015-3306 Greetz to Vadim Melihow for all the hard work . import socket import sys import requests...

ProFTPd 1.3.5 Remote Command Execution

Title: ProFTPd 1.3.5 Remote Command Execution Date : 20/04/2015 Author: R-73eN Software: ProFTPd 1.3.5 with modcopy Tested : Kali Linux 1.06 CVE : 2015-3306 Greetz to Vadim Melihow for all the hard work . import socket import sys import requests Banner banner = "" banner += " \n" banner +=" | | /...

ProFTPd 1.3.5 - Remote Command Execution Exploit

Exploit for linux platform in category remote exploits Title: ProFTPd 1.3.5 Remote Command Execution Date : 20/04/2015 Author: R-73eN Software: ProFTPd 1.3.5 with modcopy Tested : Kali Linux 1.06 CVE : 2015-3306 Greetz to Vadim Melihow for all the hard work . import socket import sys import...

ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution

Title: ProFTPd 1.3.5 Remote Command Execution Date : 20/04/2015 Author: R-73eN Software: ProFTPd 1.3.5 with modcopy Tested : Kali Linux 1.06 CVE : 2015-3306 Greetz to Vadim Melihow for all the hard work . import socket import sys import requests Banner banner = "" banner += " \n" banner +=" | | /...