Critical vulnerability in ProFTPd

A dangerous vulnerability (CVE-2019-12815) has been identified in the ProFTPD FTP server. It allows files to be copied within the server without authentication using the "site cpfr" and "site cpto" commands. The issue is rated 9.8 out of 10 in severity, because it can be used to achieve remote code execution when anonymous FTP access is provided.

The vulnerability is caused by incorrect checking of the access restrictions for reading and writing data (Limit READ and Limit WRITE) in the mod_copy module, which is used by default and is enabled in the proftpd packages of most distributions. Notably, the vulnerability is the consequence of a similar problem identified in 2015 that was not fully resolved, and for which new attack vectors have now been identified. Moreover, the problem was reported to the developers back in September of last year, but the patch was prepared only a few days ago.

The problem also appears in the latest current releases, ProFTPd 1.3.6 and 1.3.5d. The fix is available as a patch. As a security workaround, it is recommended to disable mod_copy in the configuration. So far the vulnerability has been fixed only in Fedora and remains unfixed in Debian, SUSE/openSUSE, Ubuntu, FreeBSD and EPEL-7 (ProFTPD is not provided in the main RHEL repository, and the package from EPEL-6 is not affected by the problem because it does not include mod_copy).
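To check whether the workaround above is in place, the following added example (not part of the original article or of ProFTPD) scans configuration text for an active `LoadModule mod_copy.c` line. It also recognizes the `CopyEngine` directive, which older mod_copy versions do not have; the function name, the sample configuration and the "one `CopyEngine off` covers the whole server" simplification are assumptions of this example.

```python
import re

# Constructed sample of a ProFTPD module configuration (not from a real server).
SAMPLE_CONF = """\
# modules.conf (constructed sample)
LoadModule mod_ctrls_admin.c
  LoadModule mod_copy.c
#LoadModule mod_sftp.c
<IfModule mod_copy.c>
  CopyEngine off
</IfModule>
"""

# Lines starting with '#' are comments, so anchoring at the directive name skips them.
LOAD_RE = re.compile(r"^\s*LoadModule\s+mod_copy\.c\s*$", re.IGNORECASE)
ENGINE_RE = re.compile(r"^\s*CopyEngine\s+(\S+)\s*$", re.IGNORECASE)


def audit_mod_copy(conf_text):
    """Report where mod_copy is loaded and whether CopyEngine turns it off.

    Assumptions: mod_copy is built as a shared module (a statically
    compiled module needs no LoadModule line and is not detected here),
    Include files are passed in separately, and a single CopyEngine off
    is treated as covering the whole server.
    """
    load_lines, engine_off_lines = [], []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        if LOAD_RE.match(line):
            load_lines.append(number)
        engine = ENGINE_RE.match(line)
        if engine and engine.group(1).lower() == "off":
            engine_off_lines.append(number)
    return {
        "load_lines": load_lines,
        "engine_off_lines": engine_off_lines,
        # Active means loaded and not switched off by the directive.
        "active": bool(load_lines) and not engine_off_lines,
    }


if __name__ == "__main__":
    print(audit_mod_copy(SAMPLE_CONF))
```

An empty `load_lines` result only shows that this file does not load the module; a statically built server has to be checked through its compiled-in module list instead.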

Source: opennet.ru
