Serious vulnerability in ProFTPd

A dangerous vulnerability (CVE-2019-12815) has been identified in the ProFTPD FTP server that allows files to be copied within the server without authentication, using the "site cpfr" and "site cpto" commands. The problem has been assigned a severity level of 9.8 out of 10, since it can be used to arrange remote code execution when anonymous FTP access is allowed.

The vulnerability is caused by an incorrect check of the restrictions on reading and writing data (Limit READ and Limit WRITE) in the mod_copy module, which is used by default and is enabled in the proftpd package of most distributions. Notably, the vulnerability is the result of an incompletely fixed similar problem identified in 2015, for which new attack vectors have now been found. Moreover, the problem was reported to the developers in September of last year, but the patch was prepared only a few days ago.

The problem also appears in the latest ProFTPd releases, 1.3.6 and 1.3.5d. The fix is available as a patch. As a security measure, it is recommended to disable mod_copy in the configuration. So far the vulnerability has been fixed only in Fedora and remains unfixed in Debian, SUSE/openSUSE, Ubuntu, FreeBSD and EPEL-7 (ProFTPD is not shipped in the main RHEL repository, and the package from EPEL-6 is not affected by the problem because it does not include mod_copy).
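As an added defensive example (not from the article or from the ProFTPD project), a small Python scanner that pairs SITE CPFR with the following SITE CPTO in ProFTPD command logs and flags pairs issued by an anonymous user, which should never occur once mod_copy is disabled. The log line layout, the set of names treated as unauthenticated, and the sample log are constructed assumptions.

```python
"""Flag mod_copy use in ProFTPD logs: a SITE CPFR followed by SITE CPTO from the
same client/user, marking pairs issued by an unauthenticated (anonymous) user.
The log layout is an assumed custom ExtendedLog format:  [time] client_ip user "command"
"""
import re

LINE_RE = re.compile(r'^\[(?P<time>[^\]]+)\] (?P<ip>\S+) (?P<user>\S+) "(?P<cmd>[^"]*)"$')
# Users treated as unauthenticated; "-" is assumed to mean "no USER given yet".
ANON_USERS = {"anonymous", "ftp", "-"}

# Constructed sample log (documentation IP ranges, fictitious sessions).
SAMPLE_LOG = """\
[10/Jul/2019:12:00:01 +0000] 203.0.113.7 anonymous "USER anonymous"
[10/Jul/2019:12:00:02 +0000] 203.0.113.7 anonymous "SITE CPFR /pub/welcome.msg"
[10/Jul/2019:12:00:03 +0000] 203.0.113.7 anonymous "SITE CPTO /pub/incoming/copy.msg"
[10/Jul/2019:12:01:00 +0000] 198.51.100.4 alice "SITE CPFR /home/alice/a.txt"
[10/Jul/2019:12:01:01 +0000] 198.51.100.4 alice "SITE CPTO /home/alice/b.txt"
[10/Jul/2019:12:02:00 +0000] 192.0.2.9 bob "RETR /pub/file.bin"
"""

def parse_line(line):
    """Split one log line into fields; normalise 'SITE xyz' into a two-word verb."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["cmd"].split(None, 2)
    if len(parts) >= 2 and parts[0].upper() == "SITE":
        rec["verb"], rec["arg"] = "SITE " + parts[1].upper(), " ".join(parts[2:])
    else:
        rec["verb"], rec["arg"] = (parts[0].upper() if parts else ""), " ".join(parts[1:])
    return rec

def find_copy_attempts(lines):
    """Return one record per CPFR->CPTO pair, keyed on (client ip, user) as a session proxy."""
    pending, hits = {}, []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["ip"], rec["user"])
        if rec["verb"] == "SITE CPFR":
            pending[key] = rec["arg"]          # remember the copy source for this session
        elif rec["verb"] == "SITE CPTO":
            hits.append({"time": rec["time"], "ip": rec["ip"], "user": rec["user"],
                         "src": pending.pop(key, None), "dst": rec["arg"],
                         "unauthenticated": rec["user"] in ANON_USERS})
    return hits

def unauthenticated_copies(lines):
    """Only the pairs that cannot happen if mod_copy is disabled for anonymous access."""
    return [h for h in find_copy_attempts(lines) if h["unauthenticated"]]

if __name__ == "__main__":
    for h in unauthenticated_copies(SAMPLE_LOG.splitlines()):
        print(f"ALERT {h['time']} {h['ip']} user={h['user']} {h['src']} -> {h['dst']}")
```

Run it against an ExtendedLog produced with a matching LogFormat; a CPTO with `src` of None means the CPFR came from a different client/user pairing or was not logged.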

source: opennet.ru
