{"id":36459,"date":"2019-10-31T22:11:45","date_gmt":"2019-10-31T19:11:45","guid":{"rendered":"https:\/\/prohoster.info\/blog\/kriticheskaya-uyazvimost-cve-2019-12815-v-proftpd\/"},"modified":"2019-10-31T22:11:45","modified_gmt":"2019-10-31T19:11:45","slug":"kriticheskaya-uyazvimost-cve-2019-12815-v-proftpd","status":"publish","type":"post","link":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/kriticheskaya-uyazvimost-cve-2019-12815-v-proftpd","title":{"rendered":"Kritische Sicherheitsanf\u00e4lligkeit CVE-2019-12815 in ProFTPd","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"<p>In ProFTPd (einem beliebten FTP-Server) wurde eine kritische Schwachstelle (CVE-2019-12815) entdeckt. Diese Schwachstelle erm\u00f6glicht es, Dateien innerhalb des Servers ohne Authentifizierung zu kopieren, indem die Befehle \u201esite cpfr\u201c und \u201esite cpto\u201c verwendet werden, auch auf Servern mit anonymem Zugriff.<\/p>\n<p>Die Schwachstelle ergibt sich aus unzureichender \u00dcberpr\u00fcfung der Lese- und Schreibzugriffsrechte (Limit READ und Limit WRITE) im Modul mod_copy, welches standardm\u00e4\u00dfig aktiviert und in den Proftpd-Paketen f\u00fcr die meisten Distributionen enthalten ist.<\/p>\n<p><noindex><noindex><\/p>\n<p>Alle aktuellen Versionen in allen Distributionen sind betroffen, mit Ausnahme von Fedora. Momentan ist eine Korrektur verf\u00fcgbar in Form von <a rel=\"nofollow\" href=\"https:\/\/github.com\/proftpd\/proftpd\/pull\/816\">Patch<\/a>. Als vor\u00fcbergehende L\u00f6sung wird empfohlen, mod_copy zu deaktivieren.<\/p>\n<p><\/noindex><\/noindex><\/p>\n<p>Quelle: <a \ncontent=\"nofollow\" rel=\"nofollow\" href=\"http:\/\/www.linux.org.ru\/news\/security\/15129194\">linux.org.ru<\/a><\/p>","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"excerpt":{"rendered":"<p>\u0412 ProFTPd (\u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 ftp-server) \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2019-12815). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u043a\u043e\u043c\u0430\u043d\u0434 &laquo;site cpfr&raquo; \u0438 &laquo;site cpto&raquo;, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u043f\u0438\u0441\u044c \u0434\u0430\u043d\u043d\u044b\u0445 (Limit READ \u0438 Limit WRITE) \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 mod_copy, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f [&hellip;]<\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[702],"tags":[],"class_list":["post-36459","post","type-post","status-publish","format-standard","hentry","category-novosti-interneta"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"\u0412 ProFTPd (\u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 ftp-server) \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2019-12815). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u043a\u043e\u043c\u0430\u043d\u0434 \u00absite cpfr\u00bb \u0438 \u00absite cpto\u00bb, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u043f\u0438\u0441\u044c \u0434\u0430\u043d\u043d\u044b\u0445 (Limit READ \u0438 Limit WRITE) \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 mod_copy, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Yuri Gagarin\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/kriticheskaya-uyazvimost-cve-2019-12815-v-proftpd\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"de_DE\" \/>\n\t\t<meta property=\"og:site_name\" content=\"ProHoster | \u041a\u0443\u043f\u0438\u0442\u044c \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 DDoS, VPS VDS \u0441\u0435\u0440\u0432\u0435\u0440\u044b\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"\ud83e\udd47\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2019-12815 \u0432 ProFTPd | ProHoster\" \/>\n\t\t<meta property=\"og:description\" content=\"\u0412 ProFTPd (\u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 ftp-server) \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2019-12815). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u043a\u043e\u043c\u0430\u043d\u0434 \u00absite cpfr\u00bb \u0438 \u00absite cpto\u00bb, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u043f\u0438\u0441\u044c \u0434\u0430\u043d\u043d\u044b\u0445 (Limit READ \u0438 Limit WRITE) \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 mod_copy, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/kriticheskaya-uyazvimost-cve-2019-12815-v-proftpd\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"350\" \/>\n\t\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2019-10-31T19:11:45+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2019-10-31T19:11:45+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/prohoster\" \/>\n\t\t<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/prohoster\" \/>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"\ud83e\udd47Kritische Sicherheitsanf\u00e4lligkeit CVE-2019-12815 in ProFTPd | ProHoster","description":"Im ProFTPd (einem beliebten FTP-Server) wurde eine kritische Sicherheitsanf\u00e4lligkeit (CVE-2019-12815) entdeckt. Die Ausnutzung erm\u00f6glicht es, Dateien innerhalb des Servers ohne Authentifizierung durch die Befehle \u201esite cpfr\u201c und \u201esite cpto\u201c zu kopieren, auch auf Servern mit anonymem Zugang. Diese Sicherheitsanf\u00e4lligkeit beruht auf einer fehlerhaften \u00dcberpr\u00fcfung der Zugriffsrechte zum Lesen und Schreiben von Daten (Limit READ und Limit WRITE) im Modul mod_copy, das verwendet wird.","canonical_url":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/kriticheskaya-uyazvimost-cve-2019-12815-v-proftpd","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":null,"og:locale":"de_DE","og:site_name":"ProHoster | \u041a\u0443\u043f\u0438\u0442\u044c \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 DDoS, VPS VDS \u0441\u0435\u0440\u0432\u0435\u0440\u044b","og:type":"article","og:title":"\ud83e\udd47\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2019-12815 \u0432 ProFTPd | ProHoster","og:description":"\u0412 ProFTPd (\u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 ftp-server) \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2019-12815). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u043a\u043e\u043c\u0430\u043d\u0434 \u00absite cpfr\u00bb \u0438 \u00absite cpto\u00bb, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u043f\u0438\u0441\u044c \u0434\u0430\u043d\u043d\u044b\u0445 (Limit READ \u0438 Limit WRITE) \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 mod_copy, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f","og:url":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/kriticheskaya-uyazvimost-cve-2019-12815-v-proftpd","og:image":"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg","og:image:secure_url":"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg","og:image:width":350,"og:image:height":350,"article:published_time":"2019-10-31T19:11:45+00:00","article:modified_time":"2019-10-31T19:11:45+00:00","article:publisher":"https:\/\/www.facebook.com\/prohoster","article:author":"https:\/\/www.facebook.com\/prohoster"},"aioseo_meta_data":{"post_id":"36459","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":null,"schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"seo_analyzer_scan_date":"2026-01-22 03:26:19","breadcrumb_settings":null,"limit_modified_date":false,"reviewed_by":null,"ai":null,"created":"2021-03-01 01:44:23","updated":"2026-01-22 03:26:19"},"gt_translate_keys":[{"key":"link","format":"url"}],"_links":{"self":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts\/36459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/comments?post=36459"}],"version-history":[{"count":0,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts\/36459\/revisions"}],"wp:attachment":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/media?parent=36459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/categories?post=36459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/tags?post=36459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}