ProFTPd servers are susceptible to remote code execution and information disclosure. The highly configurable open-source File Transfer Protocol (FTP) server software can be exploited via an arbitrary file copy in the mod_copy module. The vulnerability allows a remote authenticated user or, if anonymous access is enabled, an anonymous user without write permissions to copy any file on the affected FTP server.
For more information on the vulnerability, please refer to our blog.
CVSS v3.0 Severity and Metrics:
Base Score: 9.8 CRITICAL
CVSS v2.0 Severity and Metrics:
Base Score: 7.5 HIGH
All versions of ProFTPd including 1.3.6.
According to the ProFTPD bug report, the fix for this vulnerability was merged and backported to the version 1.3.6 branch. However, the researcher who reported this bug states in the advisory that the vulnerability was not fixed in version 1.3.6.
This vulnerability makes use of the mod_copy.c module. Hence the workaround is to disable the "mod_copy" module until a proper fix is available.
Use the SanerNow platform to apply this workaround quickly across the organization, as shown below.
Automate Workaround with SanerNow:
1. Download the proftpd_fix.zip which is attached.
2. Log in to SanerNow
3. Switch to the account/site specific view
4. Use the 'EM tool' to create an Action
5. Select 'Software Deployment' feature
6. Click on Upload, which is on the upper right corner.
7. Click on the 'Open the file Browser', upload 'proftpd_fix.zip' file and Click on Close.
8. Once the uploaded package is visible, click on the exclamation mark (!) as shown in the below diagram.
9. Click on edit in the newly opened window, set family to Linux, set the extract location to the desired path and set the 'Run file:' option to 'proftpd_fix.sh'. Click on 'Update Details' as shown in the below diagram.
10. Select uploaded package and click on install, which is in the upper right corner.
11. Select 'Group' for which we need to apply the workaround and click 'next'
12. Enter the required details and click on 'Create Installation task' as shown in the below diagram.
- The above workaround can be used as a temporary measure until the patches are available.
- Note that SanerNow will continue to mark ProFTPd as vulnerable until the patches are applied, once they become available.
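
For hosts handled by hand, the workaround above (disabling mod_copy) can be sketched as the shell script below. This is an added example, not the contents of proftpd_fix.sh and not SanerNow or ProFTPD project code. It assumes mod_copy is loaded as a shared module through a `LoadModule mod_copy.c` line in a configuration file whose path the caller supplies; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: comment out the LoadModule line for mod_copy.
# Assumption: mod_copy is a shared module loaded by "LoadModule mod_copy.c"
# in the configuration file given as the first argument.

# Exit status 0 if the file has an active (uncommented) LoadModule line
# for mod_copy, 1 otherwise.
mod_copy_enabled() {
    awk 'tolower($0) ~ /^[ \t]*loadmodule[ \t]+mod_copy\.c([ \t]|$)/ { found = 1 }
         END { exit !found }' "$1"
}

# Comment out every active LoadModule mod_copy.c line, keep a backup as
# <file>.bak, then verify that no active line remains.
disable_mod_copy() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    if ! mod_copy_enabled "$conf"; then
        echo "mod_copy is not loaded by $conf"
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    awk 'tolower($0) ~ /^[ \t]*loadmodule[ \t]+mod_copy\.c([ \t]|$)/ { print "#" $0; next }
         { print }' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through cat so the original file keeps its owner and mode.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    ! mod_copy_enabled "$conf"
}

# Constructed sample configuration for trying the functions offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real server
LoadModule mod_sftp.c
LoadModule mod_copy.c
LoadModule mod_tls.c
EOF
}

if [ "$#" -gt 0 ]; then
    disable_mod_copy "$1"
fi
```

ProFTPD has to be restarted before the change takes effect. `proftpd -l` lists the modules compiled into the binary, and a module that appears there cannot be removed by editing a LoadModule line.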