FTP : ProFTPD <= 1.3.6 'mod_copy' Arbitrary File Copy Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.142662

Categoría: FTP

Título: ProFTPD <= 1.3.6 'mod_copy' Arbitrary File Copy Vulnerability

Resumen: ProFTPD is prone to an arbitrary file copy vulnerability.

Descripción: Summary:
ProFTPD is prone to an arbitrary file copy vulnerability.

Vulnerability Insight:
An arbitrary file copy vulnerability in mod_copy in ProFTPD
allows for remote code execution (RCE) and information disclosure without authentication, a
related issue to CVE-2015-3306.

Affected Software/OS:
ProFTPD version 1.3.6 and prior.

Solution:
As a workaround disable mod_copy in the ProFTPD configuration
file.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-12815
BugTraq ID: 109339
http://www.securityfocus.com/bid/109339
Bugtraq: 20190805 [SECURITY] [DSA 4491-1] proftpd-dfsg security update (Google Search)
https://seclists.org/bugtraq/2019/Aug/3
Debian Security Information: DSA-4491 (Google Search)
https://www.debian.org/security/2019/dsa-4491
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/
https://security.gentoo.org/glsa/201908-16
http://bugs.proftpd.org/show_bug.cgi?id=4372
https://github.com/proftpd/proftpd/pull/816
https://tbspace.de/cve201912815proftpd.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html
SuSE Security Announcement: openSUSE-SU-2019:1836 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html
SuSE Security Announcement: openSUSE-SU-2019:1870 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html
SuSE Security Announcement: openSUSE-SU-2020:0031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html

Copyright Copyright (C) 2019 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.142662
Categoría:	FTP
Título:	ProFTPD <= 1.3.6 'mod_copy' Arbitrary File Copy Vulnerability
Resumen:	ProFTPD is prone to an arbitrary file copy vulnerability.
Descripción:	Summary: ProFTPD is prone to an arbitrary file copy vulnerability. Vulnerability Insight: An arbitrary file copy vulnerability in mod_copy in ProFTPD allows for remote code execution (RCE) and information disclosure without authentication, a related issue to CVE-2015-3306. Affected Software/OS: ProFTPD version 1.3.6 and prior. Solution: As a workaround disable mod_copy in the ProFTPD configuration file. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12815 BugTraq ID: 109339 http://www.securityfocus.com/bid/109339 Bugtraq: 20190805 [SECURITY] [DSA 4491-1] proftpd-dfsg security update (Google Search) https://seclists.org/bugtraq/2019/Aug/3 Debian Security Information: DSA-4491 (Google Search) https://www.debian.org/security/2019/dsa-4491 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/ https://security.gentoo.org/glsa/201908-16 http://bugs.proftpd.org/show_bug.cgi?id=4372 https://github.com/proftpd/proftpd/pull/816 https://tbspace.de/cve201912815proftpd.html https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html SuSE Security Announcement: openSUSE-SU-2019:1836 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html SuSE Security Announcement: openSUSE-SU-2019:1870 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html SuSE Security Announcement: openSUSE-SU-2020:0031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
Copyright	Copyright (C) 2019 Greenbone AG