GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri Aug 16, 2019 2:26 am Post subject: [ GLSA 201908-16 ] ProFTPD |
 |
|
Gentoo Linux Security Advisory
Title: ProFTPD: Remote code execution (GLSA 201908-16)
Severity: high
Exploitable: remote
Date: 2019-08-15
Bug(s): #690528
ID: 201908-16
Synopsis
A vulnerability in ProFTPD could result in the arbitrary execution
of code.
Background
ProFTPD is an advanced and very configurable FTP server.
Affected Packages
Package: net-ftp/proftpd
Vulnerable: < 1.3.6-r5
Unaffected: >= 1.3.6-r5
Architectures: All supported architectures
Description
It was discovered that ProFTPD’s “mod_copy” module does not
properly restrict privileges for anonymous users.
Impact
A remote attacker, by anonymously uploading a malicious file, could
possibly execute arbitrary code with the privileges of the process, cause
a Denial of Service condition or disclose information.
Workaround
There is no known workaround at this time.
Resolution
All ProFTPD users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.6-r5"
|
References
CVE-2019-12815 |
|
News & Announcements
