How To Fix file copy vulnerability in mod_copy in ProFTPD (CVE-2019-12815)

CVE-2019-12815 is a vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication.

Tobias M├Ądel published an advisory for an improper access control vulnerability in a default module for ProFTPD. CVE-2019-12815 could allow a attacker to upload malicious files to a ProFTPD server . Because the mod_copy module’s customSITE CPFR and SITE CPTO commands do not honor and configurations as expected.

“ProFTPd 1.3.6 is also affected and does not contain the fix. There is no patched release version available yet”.

The mod_copy module implements SITE CPFR and SITE CPTO commands (analogous to RNFR and RNTO), which can be used to copy files/directories from one place to another on the server without having to transfer the data to the client and back.

Temp Solution How to fix ProFTPD CVE-2019-12815 vulnerability: Disable mod_copy in the ProFTPd configuration file:

sudo nano /etc/proftpd/modules.conf

Find and Insert a ‘#’ at the line #LoadModule mod_copy.c and save file

How to disable ProFTPD mod_copy
How to disable ProFTPD mod_copy

Restart ProFTPD:

sudo systemctl restart proftpd
How to disable ProFTPD mod_copy
How to disable ProFTPD mod_copy

So you done. Stay happy and wait for update to fix CVE-2019-12815 vulnerability.

Have a nice day…

……………………………………………………………………….
Other Source:

https://www.tenable.com/blog/cve-2019-12815-improper-access-control-vulnerability-in-proftpd-disclosed
https://security-tracker.debian.org/tracker/CVE-2019-12815
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12815.html
http://bugs.proftpd.org/show_bug.cgi?id=4372
https://github.com/proftpd/proftpd/pull/816

Leave a Reply

Your email address will not be published. Required fields are marked *