Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Applying the workaround for the ProFTPd Arbitary File Copy Vulnerability (CVE-2019-12815) using SanerNow

            Modified on Wed, 19 Mar at 12:58 AM

            Overview:
            ProFTPd servers are susceptible to remote code execution and information disclosure. The highly configurable open-source File Transfer Protocol (FTP) server software can be exploited via an arbitrary file copy in the the mod_copy module. The vulnerability allows a remote authenticated user or if enabled, an anonymous user without write conditions to copy any files on the affected FTP server.

            For more information on the vulnerability, please refer to our blog

            CVSS v3.0 Severity and Metrics:
            Base Score: 9.8 CRITICAL

            CVSS v2.0 Severity and Metrics:
            Base Score: 7.5 HIGH

            Affected software:
            All versions of ProFTPd including 1.3.6.

            Solution:
            According to the ProFTPD bug report, the fix for this vulnerability was merged and backported to the version 1.3.6 branch. However, the researcher who reported this bug states in the advisory that the vulnerability was not fixed in version 1.3.6

            Workaround:
            This vulnerability makes use of the mod_copy.c module. Hence the workaround is to disable "mod_copy" module until the proper solution is available.

            Use SanerNow platform to apply this workaround quickly across the organization as shown below.

             

            Automate Workaround with SanerNow:

            1. Download the proftpd_fix.zip which is attached.

            2. Login to SanerNow

            3. Switch to the account/site specific view

            4. Use the 'EM tool' to create an Action

            5. Select 'Software Deployment' feature

            6. Click on Upload, which is on the upper right corner.

            7. Click on the 'Open the file Browser', upload 'proftpd_fix.zip' file and Click on Close.

            8. Once the uploaded package is visible, click on the exclamation mark (!) as shown in the below diagram.

            CVE-2019-12815-Installer.png

            9. Click on edit in the newly opened window and set family to Linux, set extract location to the desired path and set the 'Run file:' option as 'proftpd_fix.sh'. Click on 'Update Detail's as shown in the below diagram.

            CVE-2019-12815-Workaround.png

            10. Select uploaded package and click on install, which is in the upper right corner.

            11. Select 'Group' for which we need to apply the workaround and click 'next'

            12. Enter the required details and click on 'Create Installation task' as shown in the below diagram.

            CVE-2019-12815-Workaround-Install.png

            Note:

            1. The above workaround might be used as a temporary measure until the patches are available.
            2. Note that SanerNow will continue to mark ProFTPd as vulnerable until the patches are applied once available.

            Attachments (1)

            zip

            proftpd_fix.zip
            271 Bytes

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0