In ProFTPD ftp server dangerous vulnerability (), which allows you to copy files within the server without authentication using the "site cpfr" and "site cpto" commands. problem severity level 9.8 out of 10, as it can be used to organize remote code execution while providing anonymous access to FTP.
Vulnerability incorrect check of access restrictions for reading and writing data (Limit READ and Limit WRITE) in the mod_copy module, which is used by default and is included in proftpd packages for most distributions. It is noteworthy that the vulnerability is a consequence of an incompletely eliminated similar problem, in 2015, for which new attack vectors have now been identified. Moreover, the problem was reported to the developers back in September last year, but the patch was just a few days ago.
The problem manifests itself, among other things, in the latest current releases of ProFTPd 1.3.6 and 1.3.5d. The fix is ββavailable as . As a security workaround, it is recommended to disable mod_copy in the configuration. The vulnerability has only been fixed in and remains uncorrected , , , , (ProFTPD is not shipped in the main RHEL repository, and the EPEL-6 package is not affected by the issue, as it does not include mod_copy).
Source: opennet.ru