Vulnerability CVE-2019-12815 in ProFTPD FTP Server

The open source FTP server ProFTPD is vulnerable up to version 1.3.5b. CVE-2019-12815 allows the execution of arbitrary program code with the rights of the service.



ProFTPD is an open source FTP server. I don't know how many blog readers run or administer a ProFTPD FTP server. Therefore this is only a short note, which those affected will have to assess for themselves.


The vulnerability CVE-2019-12815 is listed in the National Vulnerability Database (NVD).

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

In older versions of the software, a query in the mod_copy module is handled incorrectly, so that remote code execution (RCE) is possible. Thomas Mädel discovered this vulnerability. Tenable has an article dealing with this issue. The risk is classified as high. However, there is already a fix: disable mod_copy in the ProFTPD configuration file.
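To check a server against the two conditions above (a version up to 1.3.5b and mod_copy still enabled), the following added example, which is not code from this blog or from the ProFTPD project, audits a version string and a configuration text. The function names and the sample configuration are constructed for illustration, and the version bound is the one stated on this page.

```python
import re

LAST_AFFECTED = "1.3.5b"  # assumption: upper bound as stated on this page
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)(?:rc(\d+))?$")

def parse_version(text):
    """Turn '1.3.5b' or '1.3.6rc2' into a tuple that sorts in release order."""
    m = _VER.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, letter, rc = m.groups()
    # A release candidate sorts before the final release with the same number.
    rc_rank = int(rc) if rc else float("inf")
    return (int(major), int(minor), int(patch), rc_rank, letter)

def mod_copy_lines(config_text):
    """Line numbers of uncommented 'LoadModule mod_copy.c' directives."""
    hits = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        # Compared case-insensitively so odd capitalisation is not missed.
        if [w.lower() for w in words[:2]] == ["loadmodule", "mod_copy.c"]:
            hits.append(number)
    return hits

def assess(version, config_text):
    """Combine the version check with the configuration check."""
    affected = parse_version(version) <= parse_version(LAST_AFFECTED)
    lines = mod_copy_lines(config_text)
    return {"affected_version": affected, "mod_copy_lines": lines,
            "action_needed": affected and bool(lines)}

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# modules.conf (constructed)
LoadModule mod_tls.c
#LoadModule mod_copy.c
  LoadModule   mod_copy.c   # re-enabled by mistake
"""

if __name__ == "__main__":
    print(assess("1.3.5b", SAMPLE_CONF))
```

A module that was compiled statically into the server never appears as a `LoadModule` line, so also compare against the output of `proftpd -l`, which lists the compiled-in modules.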

