Fedora 22 : proftpd-1.3.5-6.fc22 (2015-7164)
Critical Nessus Plugin ID 83224
SynopsisThe remote Fedora host is missing a security update.
DescriptionVadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by unauthenticated clients
Upstream report: http://bugs.proftpd.org/show_bug.cgi?id=4169
Note that mod_copy is not loaded/enabled by default in the Fedora package.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected proftpd package.