FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

proftpd -- arbitrary code execution vulnerability with chroot

Affected packages
proftpd < 1.3.5_7


VuXML ID d0034536-ff24-11e4-a072-d050996490d0
Discovery 2015-04-15
Entry 2015-05-20

ProFTPd development team reports:

Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by *unauthenticated clients*.


CVE Name CVE-2015-3306