CVE-2019-12815
https://notcve.org/view.php?id=CVE-2019-12815
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. Una vulnerabilidad de copia de archivo arbitraria en mod_copy en ProFTPD hasta versión 1.3.5b, permite la ejecución de código remota y la divulgación de información sin autenticación, un problema relacionado con CVE-2015-3306. • https://github.com/KTN1990/CVE-2019-12815 http://bugs.proftpd.org/show_bug.cgi?id=4372 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html http://www.securityfocus.com/bid/109339 https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf https://github.com/proftpd/proftpd/pull/816 https://lists.debian.org/ • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2017-7418
https://notcve.org/view.php?id=CVE-2017-7418
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user. ProFTPD en versiones anteriores a 1.3.5e y 1.3.6 en versiones anteriores a 1.3.6rc5 controlan si el directorio de inicio de un usuario puede contener un enlace simbólico hasta la versión de la opción de configuración AllowChrootSymlinks, pero comprueba sólo el último componente de ruta al aplicar AllowChrootSymlinks. Los atacantes con acceso local pueden omitir el control AllowChrootSymlinks reemplazando un componente de ruta (que no sea el último) con un enlace simbólico. • http://bugs.proftpd.org/show_bug.cgi?id=4295 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html http://www.securityfocus.com/bid/97409 https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f https://github.com/proftpd/proftpd/pull/444/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2016-3125
https://notcve.org/view.php?id=CVE-2016-3125
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. El módulo mod_tls en ProFTPD en versiones anteriores a 1.3.5b y 1.3.6 en versiones anteriores a 1.3.6rc2 no maneja correctamente la directiva TLSDHParamFile, lo cual puede causar que se utilice una clave Diffie-Hellman (DH) más débil de lo deseado y como consecuencia permitir a atacantes tener un impacto no especificado a través de vectores desconocidos. • http://bugs.proftpd.org/show_bug.cgi?id=4230 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html http://proftpd.org/docs/NEWS-1.3.5b http://proftpd.org/docs/NEWS-1.3.6r • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues •
CVE-2015-3306 – ProFTPd 1.3.5 - 'mod_copy' Command Execution
https://notcve.org/view.php?id=CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. El módulo mod_copy en ProFTPD 1.3.5 permite a atacantes remotos leer y escribir en ficheros arbitrarios a través de los comandos site cpfr y site cpto. • https://www.exploit-db.com/exploits/37262 https://www.exploit-db.com/exploits/36803 https://www.exploit-db.com/exploits/49908 https://www.exploit-db.com/exploits/36742 https://github.com/t0kx/exploit-CVE-2015-3306 https://github.com/davidtavarez/CVE-2015-3306 https://github.com/cd6629/CVE-2015-3306-Python-PoC https://github.com/cdedmondson/Modified-CVE-2015-3306-Exploit http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html http://lists.fedoraproject.o • CWE-284: Improper Access Control •
CVE-2013-4359
https://notcve.org/view.php?id=CVE-2013-4359
Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. Desbordamiento de entero en kbdint.c en mod_sftp en ProFTPD 1.3.4d y 1.3.5r3 permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de un valor grande del contador de respuestas en una petición de autenticación, lo cual dispara una gran reserva de memoria. • http://bugs.proftpd.org/show_bug.cgi?id=3973 http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html http://www.debian.org/security/2013/dsa-2767 http://www.openwall.com/lists/oss-security/2013/09/17/6 • CWE-189: Numeric Errors •