Hacktorial
A Community Dedicated To Tech News, Android, Gizmo & Gadgets, Linux, Jokes & Memes, Tips & Tricks, Movies Updates etc.

Website : https://www.hacktorial.in

Contact Admin @HKFeedBackBot
1 Million+ ProFTPD Servers Vulnerable To Remote Code Execution Attacks: ProFTPD Vulnerability Lets Users Copy Files Without Permission


ProFTPD is open-source FTP server software, one of the most popular of its kind, used by more than one million servers all over the world. It comes pre-installed on several Linux and Unix-based distributions, including Debian. A German security researcher has revealed a security flaw that makes ProFTPD servers vulnerable to remote code execution attacks.

Tobias Mädel reveals that the vulnerability exists in ProFTPD’s mod_copy module, which is included by default in the FTP server's installation and is enabled by default in most operating systems.



This bug is caused by an incorrect access control check in the mod_copy module and can be exploited by an authenticated user without any write permission to copy files on the FTP server. It can also be exploited without credentials if the anonymous user is enabled in the server settings.

The SITE CPFR and SITE CPTO commands are the culprits behind this bug. They bypass “Limit WRITE” DenyAll directives, which allows users without write permission to copy files to the current folder.

All versions of ProFTPD are affected by the bug, which is tracked as CVE-2019-12815. Version 1.3.6 is a partial exception: there the bug can only be exploited if you installed it from sources compiled before 17th July 2019.

To protect against this attack, server admins must disable the mod_copy module. ProFTPD has backported a patch to version 1.3.6 but has not yet released a new version with a fix for the issue.

Here Is The Temporary Fix : https://copir.net/how-to-fix-file-copy-vulnerability-in-mod_copy-in-proftpd-cve-2019-12815/


#ProFTPD #FTP #Vulnerability #RemoteCodeExecution #RCE #Fix #Bug #CVE201912815 #Hacktorial

🔰🔰🔰🔰 @HackTorial 🔰🔰🔰🔰
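
A defender-side check for the mitigation described above (disabling mod_copy), added here as an example; it is not part of the original post or of ProFTPD's own tooling. It assumes mod_copy is built as a shared module and loaded with a `LoadModule mod_copy.c` line; the sample configuration and the function names `audit` and `disable_mod_copy` are constructed for illustration.

```python
import re

# Constructed sample config (not from the post): dynamic module loading,
# anonymous login enabled, writes denied with <Limit WRITE> / DenyAll.
SAMPLE_CONF = """\
LoadModule mod_tls.c
LoadModule mod_copy.c
<Anonymous ~ftp>
  User ftp
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
"""

# Matches an active (uncommented) LoadModule line for mod_copy.
LOAD_COPY = re.compile(r"^([ \t]*)(LoadModule\s+mod_copy\.c\b.*)$", re.I | re.M)


def audit(conf):
    """Classify one config text for exposure to the mod_copy issue."""
    loaded = anonymous = write_denied = in_limit_write = False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip().lower()  # ignore comments
        if LOAD_COPY.match(line):
            loaded = True
        elif line.startswith("<anonymous"):
            anonymous = True
        elif line.startswith("<limit"):
            in_limit_write = "write" in re.findall(r"[a-z_]+", line)[1:]
        elif line.startswith("</limit"):
            in_limit_write = False
        elif in_limit_write and line == "denyall":
            write_denied = True
    if not loaded:
        status = "mod_copy not loaded"
    elif anonymous:
        status = "exposed to anonymous users"
    else:
        status = "exposed to authenticated users"
    # write_denied is reported separately: per the post, this restriction
    # does not stop SITE CPFR / SITE CPTO on unpatched builds.
    return {"status": status, "limit_write_denyall": write_denied}


def disable_mod_copy(conf):
    """Comment out every active 'LoadModule mod_copy.c' line."""
    return LOAD_COPY.sub(r"\1#\2", conf)
```

A build with mod_copy compiled in statically has no `LoadModule` line, so this check reports it as not loaded; such servers need the patched build instead.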