The security researcher Tobias Mädel discovered a vulnerability in the open-source ProFTPD file transfer protocol (FTP) server that can be exploited to copy files to vulnerable servers and potentially execute arbitrary code.
“Tobias Mädel has identified a vulnerability in ProFTPd’s mod_copy. mod_copy is supplied in the default installation of ProFTPd and is enabled by default in most distributions (e.g. Debian).” states the advisory.
The expert explained that the CVE-2019-12815 is technically very similar to the CVE-2015-3306 in ProFTPD, but the old issue is “much more dangerous.”
ProFTPD is very popular, it is used in many Linux and Unix distros, you can find it in SourceForge, Samba, and Linksys.
The vulnerability, tracked as CVE-2019-12815, resides in the mod_copy module that implements commands for copying files and folders on the same server without the necessity to first transfer the data to the client. This module is enabled by default in most operating systems.
“An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.” states the advisory published by Mitre.
In order to exploit the flaw, the attacker needs to have access to the targeted machine.
Querying the Shodan search engine for “ProFTPd Anonymous” (i.e., servers that allow anonymous access) it is possible to find over 28,000 potentially exposed to hacking. Most of the servers are in the United States (9,443), followed by Germany (2,638) and Japan (2,002). The attacker would have to connect to the server and attempt to issue a command to determine if it is vulnerable.
Both Debian and SUSE published a security advisory for the vulnerability.
Experts pointed out that the flaw could allow remote code execution only if the server has a certain configuration.
“I’ve seen web servers using ProFTPd with PHP and anonymous access. In this scenario RCE is possible,” the expert told SecurityWeek.
Below the timeline for the flaw:
A patch addressing the flaw is already available, it was backported to version 1.3.6, but it has yet to be included in a new release.
As a workaround, admins can disable the mod_copy module in the ProFTPd configuration file.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Linux)
[adrotate banner=”5″]
[adrotate banner=”13″]
On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint,…
New botnet HTTPBot is targeting China's gaming, tech, and education sectors, cybersecurity researchers warn. NSFOCUS …
Meta plans to train AI on EU user data from May 27 without consent; privacy…
Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise…
Google released emergency security updates to fix a Chrome vulnerability that could lead to full…
Nova Scotia Power confirmed a data breach involving the theft of sensitive customer data after…
This website uses cookies.