Friday, December 1, 2023

File Copy Vulnerability With ProFTPD puts Over 1 Million Servers at Risk

File copy vulnerability in ProFTPD server allows an anonymous remote attacker to execute the code in vulnerable machine results in remote code execution and information disclosure without authentication.

By exploiting the vulnerability attacker can run any program code with the rights of the Pro-FTPd service. The vulnerability can be tracked as CVE-2019-12815 and it affects all the versions up to 1.3.5b.

The vulnerability resides in ProFTPd’s mod_copy module that supplied with the default installation, by issuing CPFR, CPTO commands to a ProFTPd server allows users without write permissions to copy any file on the FTP server, says Tobias Mädel who identified the vulnerability.

ProFTPD Usage

It is a free open source FTP server that is compatible with Unix-like operating systems and Microsoft Windows. According to Shodan results, more than 1 Million Servers running vulnerable versions.

ProFTPD

Shodan report states that 1.3.5b is the most uses version of the ProFTPD and the most used operating system are Linux ones. Here is the full shodan report.

In future attackers may use exploits to compromise the vulnerable servers and infect them with malware.

Also Read: Critical Vulnerability in VLC Media Player 3.0.7.1 Let Hackers to Execute Arbitrary Code

Timeline:

28.09.2018 Reported to ProFTPd security@, ProFTPd asking for clarifications
12.06.2019 Reported to Debian Security Team, replies by Moritz & Salvatore
28.06.2019 Deadline for public disclosure on 28.07.2019 announced
17.07.2019 Fix published by ProFTPd

SponsoredFree GDPR Comics Book – Importance of Following General Data Protection Regulation (GDPR) to protect your Company Data and user privacy

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Website

Latest articles

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

CISA Warns Hackers Exploiting Wastewater Systems Logic Controllers

In a disconcerting turn of events, cyber threat actors have set their sights on...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles