ProFTPD mod_copy Information Disclosure
Critical Nessus Plugin ID 84215
SynopsisThe remote host is running a ProFTPD module that is affected by an information disclosure vulnerability.
DescriptionThe remote host is running a version of ProFTPD that is affected by an information disclosure vulnerability in the mod_copy module due to the SITE CPFR and SITE CPTO commands being available to unauthenticated clients. An unauthenticated, remote attacker can exploit this flaw to read and write to arbitrary files on any web accessible path on the host.
SolutionUpgrade to ProFTPD 1.3.5a / 1.3.6rc1 or later.