Detections
Analytics

ProFTPD 'mod_copy' Arbitrary File Copy Vulnerability (Remote)

critical Nessus Plugin ID 132749

Language:

Synopsis

It is possible for anonymous users to copy arbitrary files.

Description

The remote host is running ProFTPD. It is affected by a vulnerability in the mod_copy module which fails to honor <Limit READ> and <Limit WRITE> configurations as expected. An unauthenticated, remote attacker can exploit this, by using the mod_copy module's functionality, in order to copy arbitrary files in the FTP directory, provided that anonymous logins and mod_copy are enabled and the FTP directory is accessible from a web server. If a file exists in the FTP directory that contains PHP code but does not use the PHP extension, an attacker can copy this file to one with a PHP extension in order to execute code.

Solution

Upgrade to the latest version of ProFTPD.

See Also

http://www.nessus.org/u?a323713d

http://bugs.proftpd.org/show_bug.cgi?id=4372

Plugin Details

Severity: Critical

ID: 132749

File Name: proftpd_mod_copy.nasl

Version: 1.4

Type: remote

Family: FTP

Published: 1/9/2020

Updated: 1/10/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-12815

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:proftpd:proftpd

Required KB Items: ftp/proftpd

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/17/2019

Vulnerability Publication Date: 7/19/2019

Reference Information

CVE: CVE-2019-12815

BID: 109339