CVE-2019-12815

critical

Description

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

From the Tenable Blog

CVE-2019-12815: Improper Access Control Vulnerability in ProFTPD Disclosed

Published: 2019-07-23

Popular open source FTP daemon affected by an improper access control vulnerability dating back to 2010

Background

On July 18, Tobias Mädel published an advisory for an improper access control vulnerability in a default module for ProFTPD, a popular open source FTP daemon for Unix and Unix-like operating systems.

References

https://www.tenable.com/blog/cve-2019-12815-improper-access-control-vulnerability-in-proftpd-disclosed

https://www.debian.org/security/2019/dsa-4491

https://tbspace.de/cve201912815proftpd.html

https://security.gentoo.org/glsa/201908-16

https://seclists.org/bugtraq/2019/Aug/3

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/

https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html

https://github.com/proftpd/proftpd/pull/816

https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf

http://www.securityfocus.com/bid/109339

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html

http://bugs.proftpd.org/show_bug.cgi?id=4372

Details

Source: Mitre, NVD

Published: 2019-07-19

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical