FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

proftpd -- arbitrary code execution vulnerability with chroot

Affected packages
proftpd < 1.3.5_7

Details

VuXML ID d0034536-ff24-11e4-a072-d050996490d0
Discovery 2015-04-15
Entry 2015-05-20

ProFTPd development team reports:

Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by *unauthenticated clients*.

References

CVE Name CVE-2015-3306
URL http://bugs.proftpd.org/show_bug.cgi?id=4169