You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa proftpd

Sigurnosni nedostatak programskog paketa proftpd

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2015-04-29 07:53:52

Name : proftpd
Product : Fedora 21
Version : 1.3.5
Release : 5.fc21
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple ‘virtual’ FTP servers, anonymous FTP, and permission-based directory

This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.

Update Information:

Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module’s SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by unauthenticated clients

Upstream report:

Note that mod_copy is not loaded/enabled by default in the Fedora package.

* Tue Apr 28 2015 Paul Howarth <> – 1.3.5-5
– Unauthenticated copying of files via SITE CPFR/CPTO was allowed by mod_copy
* Tue Feb 10 2015 Paul Howarth <> – 1.3.5-4
– Anonymous upload directory specification needs to be slightly different if
mod_vroot is in use (#1045922)
– Use %license where possible

[ 1 ] Bug #1212386 – CVE-2015-3306 proftpd: unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy

This update can be installed with the “yum” update program. Use
su -c ‘yum update proftpd’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarko Stanec
Cert idNCERT-REF-2015-05-0015-ADV
More in Preporuke
Ranjivosti programskog paketa thunderbird

Otkriveno je nekoliko ranjivosti u programskom paketu thunderbird za Fedoru 20. Ranjivosti su posljedica nepravilne obrade preoblikovanog web sadržaja, nepravilnog...