Applying the workaround for the ProFTPd Arbitrary File Copy Vulnerability (CVE-2019-12815) using SanerNow

Modified on Wed, 19 Mar at 12:58 AM

Overview:
ProFTPd servers are susceptible to remote code execution and information disclosure. The highly configurable open-source File Transfer Protocol (FTP) server software can be exploited via an arbitrary file copy in the mod_copy module. The vulnerability allows a remote authenticated user or, if enabled, an anonymous user without write permissions to copy any files on the affected FTP server.

For more information on the vulnerability, please refer to our blog

CVSS v3.0 Severity and Metrics:
Base Score: 9.8 CRITICAL

CVSS v2.0 Severity and Metrics:
Base Score: 7.5 HIGH

Affected software:
All versions of ProFTPd including 1.3.6.

Solution:
According to the ProFTPD bug report, the fix for this vulnerability was merged and backported to the version 1.3.6 branch. However, the researcher who reported this bug states in the advisory that the vulnerability was not fixed in version 1.3.6.

Workaround:
This vulnerability makes use of the mod_copy.c module. Hence, the workaround is to disable the "mod_copy" module until the proper solution is available.
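One way to apply this workaround by hand on a single host, as an added example (it is not the proftpd_fix.sh attached to this article, whose contents are not shown here). It assumes mod_copy is loaded as a shared module through a `LoadModule mod_copy.c` line; the function names and the config path you pass in are hypothetical.

```shell
#!/bin/sh
# Added example, not the vendor's proftpd_fix.sh.
# Assumption: mod_copy is loaded as a shared module via a LoadModule line.

# Succeeds if the file has an uncommented "LoadModule mod_copy.c" line
# (matched case-insensitively, as a precaution).
mod_copy_enabled() {
    grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+mod_copy\.c([[:space:]]|$)' "$1"
}

# Comments out the LoadModule line in place; keeps a .bak copy first.
disable_mod_copy() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    mod_copy_enabled "$conf" || { echo "mod_copy not loaded by $conf"; return 0; }
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    awk '{
        if (tolower($0) ~ /^[ \t]*loadmodule[ \t]+mod_copy\.c([ \t]|$)/) print "#" $0
        else print
    }' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && ! mod_copy_enabled "$conf"
}

# Self-check on a constructed sample config (not a real server file).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'LoadModule mod_ctrls_admin.c' \
        '  LoadModule mod_copy.c' '#LoadModule mod_copy.c' > "$dir/modules.conf"
    disable_mod_copy "$dir/modules.conf" && cat "$dir/modules.conf"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# With a path argument, fix that file; with none, run the demo.
if [ "$#" -gt 0 ]; then
    disable_mod_copy "$1"
else
    demo
fi
```

If `proftpd -l` lists mod_copy.c as compiled in, editing the LoadModule line does not remove the module. After the change, validate the configuration with `proftpd -t` and restart the service.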

Use the SanerNow platform to apply this workaround quickly across the organization as shown below.

 

Automate Workaround with SanerNow:

1. Download the proftpd_fix.zip which is attached.

2. Log in to SanerNow

3. Switch to the account/site specific view

4. Use the 'EM tool' to create an Action

5. Select 'Software Deployment' feature

6. Click on Upload, which is in the upper right corner.

7. Click on 'Open the file Browser', upload the 'proftpd_fix.zip' file and click on Close.

8. Once the uploaded package is visible, click on the exclamation mark (!) as shown in the diagram below.

CVE-2019-12815-Installer.png

9. Click on edit in the newly opened window, set family to Linux, set the extract location to the desired path and set the 'Run file:' option to 'proftpd_fix.sh'. Click on 'Update Details' as shown in the diagram below.

CVE-2019-12815-Workaround.png

10. Select the uploaded package and click on install, which is in the upper right corner.

11. Select the 'Group' to which the workaround needs to be applied and click 'next'

12. Enter the required details and click on 'Create Installation task' as shown in the diagram below.

CVE-2019-12815-Workaround-Install.png

Note:

  1. The above workaround might be used as a temporary measure until the patches are available.
  2. SanerNow will continue to mark ProFTPd as vulnerable until the patches, once available, are applied.
