Fedora 20 : proftpd-1.3.4e-3.fc20 (2015-6401)
Critical Nessus Plugin ID 83198
SynopsisThe remote Fedora host is missing a security update.
DescriptionVadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by *unauthenticated clients*
Upstream report: http://bugs.proftpd.org/show_bug.cgi?id=4169
This update contains a backported fix for this issue.
Note that mod_copy is not loaded/enabled by default in the Fedora package.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected proftpd package.