ProFTPD mod_copy command execution

Added: 05/29/2015
CVE: CVE-2015-3306
BID: 74238
OSVDB: 120834

Background

ProFTPD is a free, open-source FTP server for Unix and Linux platforms.

Problem

The mod_copy module, if enabled in ProFTPD, implements the SITE CPFR (copy from) and SITE CPTO (copy to) commands for copying files on the server without a data transfer. In affected versions these commands are accepted before the client has authenticated, so an unauthenticated attacker can copy any file the ProFTPD process can read to any location it can write, subject only to the filesystem permissions the server process holds. If the host also runs a web server that executes PHP, copying attacker-influenced content into a web-accessible directory as a .php file and then requesting it yields arbitrary command execution with the web server's privileges.
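The following is an added example for this page, not code from the exploit index or from ProFTPD. It performs the non-destructive part of the check a tester would run first: connect, send SITE CPFR before any USER/PASS, and classify the reply. The reply-code mapping is an assumption based on the fix (a patched server rejects the command with 530 until the client logs in; a vulnerable one accepts the source with 350); the sample server output below is constructed, not a real capture, and the hostnames and paths are placeholders.

```python
"""Non-destructive check for CVE-2015-3306 (ProFTPD mod_copy).

Added example; not code from the exploit page or from ProFTPD.
Sends SITE CPFR before authenticating and classifies the reply code.
Assumption: 350 = source accepted (vulnerable), 530 = login required
(patched), 500/502 = SITE CPFR not understood (mod_copy not loaded).
"""
import io
import socket
import sys

VULNERABLE = "vulnerable"            # 350: SITE CPFR accepted without login
PATCHED = "patched"                  # 530: command rejected until authenticated
NOT_ENABLED = "mod_copy not loaded"  # 500/502: SITE CPFR not understood
UNKNOWN = "unknown"                  # anything else: inspect the raw reply


def classify_reply(reply):
    """Map the 3-digit FTP reply code on the first line to a verdict."""
    code = reply[:3]
    if code == "350":
        return VULNERABLE
    if code == "530":
        return PATCHED
    if code in ("500", "502"):
        return NOT_ENABLED
    return UNKNOWN


def read_reply(rd):
    """Read one FTP reply (single or multi-line, RFC 959) from a text stream."""
    lines = []
    while True:
        line = rd.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        lines.append(line.rstrip("\r\n"))
        # 'xyz-' opens a multi-line reply; a line of the form 'xyz ' ends it.
        if len(line) >= 4 and line[:3].isdigit() and line[3] == " ":
            return "\n".join(lines)


def classify_transcript(server_text):
    """Classify from the server side of a session: banner, then the CPFR reply."""
    rd = io.StringIO(server_text)
    read_reply(rd)                   # banner (220 ...)
    return classify_reply(read_reply(rd))


def probe(host, port=21, timeout=5.0, source="/etc/passwd"):
    """Connect, send SITE CPFR before any login, return (verdict, raw reply).

    Only CPFR is sent, so nothing is written on the target.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        rd = s.makefile("r", encoding="latin-1", newline="\n")
        read_reply(rd)               # discard banner
        s.sendall(("SITE CPFR %s\r\n" % source).encode("ascii"))
        reply = read_reply(rd)
        s.sendall(b"QUIT\r\n")
    return classify_reply(reply), reply


# Constructed sample server output (not real captures) for offline use.
SAMPLE_VULNERABLE = (
    "220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [::ffff:10.0.0.5]\r\n"
    "350 File or directory exists, ready for destination name\r\n"
)
SAMPLE_PATCHED = (
    "220-Welcome\r\n"
    "220-Multi-line banner, second line\r\n"
    "220 ProFTPD 1.3.5a Server ready\r\n"
    "530 Please login with USER and PASS\r\n"
)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: %s HOST [PORT]" % sys.argv[0])
        sys.exit(2)
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
    verdict, raw = probe(sys.argv[1], port)
    print("%s:%d -> %s (%s)" % (sys.argv[1], port, verdict, raw.splitlines()[0]))
```

A 350 to an unauthenticated CPFR is the signal that matters: it shows the module is loaded and that the authentication check added in 1.3.5a is absent. A 530 does not prove the version is current, only that this command is gated behind login, so still confirm the version from the banner or the package manager.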

Resolution

Upgrade to ProFTPD 1.3.5a, 1.3.6rc1 or later, or install the updated package from your Linux distribution. If an upgrade is not immediately possible, disable the mod_copy module; the SITE CPFR and SITE CPTO commands are not available when the module is not loaded.

References

http://bugs.proftpd.org/show_bug.cgi?id=4169

Limitations

The exploit works against ProFTPD 1.3.5 and requires the mod_copy module to be enabled.

The target must also run a web server that executes PHP, with a web-accessible directory writable by the ProFTPD process, for the exploit to succeed.

Platforms

Linux
