GLSA-201908-16 : ProFTPD: Remote code execution
High Nessus Plugin ID 127965
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201908-16 (ProFTPD: Remote code execution)
It was discovered that ProFTPD’s “mod_copy” module does not properly restrict privileges for anonymous users.
A remote attacker, by anonymously uploading a malicious file, could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or disclose information.
There is no known workaround at this time.
SolutionAll ProFTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-ftp/proftpd-1.3.6-r5'