Unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy
SOURCE:
http://bugs.proftpd.org/show_bug.cgi?id=4169
proftpd vulnerability
- Atomicorp Staff - Site Admin
Re: proftpd vulnerability
The atomic packages are not affected by this vulnerability as they are not built with CPTO support. I haven't had the opportunity to confirm this on the default Plesk packages as of yet. The following is a method to determine if your proftp install does support this:
1) Connect to the server
2) Authentication is not required, but it doesn't hurt
3) Run the command:
site cpfr /etc/passwd
A vulnerable version will return something like:
"350 File or directory exists, ready for destination name"
Otherwise, a version that does not support mod_copy will return:
500 'SITE CPFR' not understood
Re: proftpd vulnerability
Great. Thanks for the detailed info.
Re: proftpd vulnerability
Some posts on the Odin forums indicate the stock version is not vulnerable. But I have not tested personally.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: proftpd vulnerability
faris wrote: Some posts on the Odin forums indicate the stock version is not vulnerable. But I have not tested personally.
The Plesk stock version of psa-proftpd is not vulnerable indeed.
ftp> site cpfr /etc/passwd
500 'SITE CPFR' not understood
Lemonbit Internet Dedicated Server Management
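The manual check described earlier in the thread, scripted for auditing servers you run. This is an added example, not code from any poster or from ProFTPD; the function names and the finding labels are assumptions, and the 530 case is the generic RFC 959 "not logged in" reply rather than something quoted in the thread.

```python
import ftplib
import sys


def classify_cpfr_reply(reply: str) -> str:
    """Classify the first line of a server reply to SITE CPFR."""
    code = reply.strip().strip('"')[:3]
    if code == "350":
        # Source path accepted: mod_copy is loaded and answered this session.
        return "mod_copy-enabled"
    if code == "500":
        # Command not understood: this build has no mod_copy support.
        return "mod_copy-absent"
    if code == "530":
        # RFC 959 "not logged in": the server wants authentication first.
        return "login-required"
    return "inconclusive"


def probe(host: str, port: int = 21, timeout: float = 10.0) -> str:
    """Send only SITE CPFR (never CPTO) without logging in; return the finding."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        try:
            reply = ftp.sendcmd("SITE CPFR /etc/passwd")
        except (ftplib.error_temp, ftplib.error_perm) as exc:
            reply = str(exc)  # ftplib raises on 4xx/5xx; the text is the reply
        return classify_cpfr_reply(reply)
    finally:
        ftp.close()


# Constructed sample: the two replies quoted in the thread plus a generic 530.
SAMPLE_REPLIES = [
    '"350 File or directory exists, ready for destination name"',
    "500 'SITE CPFR' not understood",
    "530 Please login with USER and PASS",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for target in sys.argv[1:]:
            print(target, probe(target))
    else:
        for line in SAMPLE_REPLIES:
            print(classify_cpfr_reply(line), "<-", line)
```

Run with one or more hostnames as arguments to probe them; with no arguments it classifies the sample replies offline.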