1 Million+ ProFTPD Servers Vulnerable To Remote Code Execution Attacks

by Cyber360 News
November 11, 2019
in Security

ProFTPD is an open-source FTP server and one of the most popular, used by more than one million servers all over the world. It comes pre-installed on several Linux and Unix-based distributions, including Debian. A German security researcher has revealed a security flaw that makes ProFTPD servers vulnerable to remote code execution attacks.

Tobias Madel reveals that the vulnerability exists in ProFTPD’s mod_copy module, which is supplied by default with the FTP server and is enabled by default on most operating systems.

The bug is an incorrect access control issue in the mod_copy module. An authenticated user without any write permission can exploit it to copy files on the FTP server. The vulnerability can also be exploited if an anonymous user is enabled in the server settings.

The SITE CPFR and SITE CPTO commands are the culprits behind this bug. These commands bypass the “Limit WRITE” DenyAll directives, which allows users without write permissions to copy files to the current folder.

All versions of ProFTPD are affected by the bug, tracked as CVE-2019-12815. Version 1.3.6 is an exception: there the bug can only be exploited if it was installed from sources compiled before 17th July 2019.

To mitigate this attack, server admins must disable the mod_copy module. ProFTPD has backported a patch to version 1.3.6 but has not yet released a new version with a fix for the issue.
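As an added example (not from the article or the ProFTPD project), the following Python sketch audits ProFTPD configuration text for the conditions described above: mod_copy loaded, reliance on “Limit WRITE” DenyAll, and anonymous access. The function name and the sample configuration are constructed for illustration, and the check only covers mod_copy loaded as a shared module through a `LoadModule` line; statically compiled modules are listed by `proftpd -l` instead.

```python
import re

# Constructed sample configuration (not taken from a real server).
SAMPLE_CONF = """\
# modules.conf and proftpd.conf fragments (constructed)
LoadModule mod_copy.c
#LoadModule mod_sftp.c

<Anonymous ~ftp>
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
"""

def audit_proftpd_conf(text):
    """Return CVE-2019-12815 exposure indicators found in config text."""
    result = {"mod_copy_loaded": False, "anonymous_enabled": False,
              "write_denied_by_limit": False, "findings": []}
    in_write_limit = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comments
            continue
        low = line.lower()
        if re.fullmatch(r"loadmodule\s+mod_copy\.c", low):
            result["mod_copy_loaded"] = True
        elif low.startswith("<anonymous"):
            result["anonymous_enabled"] = True
        elif m := re.fullmatch(r"<limit\s+([^>]*)>", low):
            in_write_limit = "write" in m.group(1).split()
        elif low == "</limit>":
            in_write_limit = False
        elif in_write_limit and low == "denyall":
            result["write_denied_by_limit"] = True
    if result["mod_copy_loaded"]:
        result["findings"].append("mod_copy is loaded: SITE CPFR/CPTO available")
        if result["write_denied_by_limit"]:
            result["findings"].append(
                "<Limit WRITE> DenyAll does not stop SITE CPFR/CPTO copies")
        if result["anonymous_enabled"]:
            result["findings"].append(
                "anonymous login enabled: exploitable without a user account")
    return result

if __name__ == "__main__":
    for finding in audit_proftpd_conf(SAMPLE_CONF)["findings"]:
        print("[!]", finding)
```

Commenting out the `LoadModule mod_copy.c` line and restarting the server clears all three findings, which matches the mitigation the article recommends.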
