A German security researcher has publicly disclosed details of a serious vulnerability in one of the most popular FTP server applications, which is currently being used by more than one million servers worldwide.
The vulnerable software in question is ProFTPD, an open source FTP server used by a large number of popular businesses and websites including SourceForge, Samba and Slackware, and comes pre-installed with many Linux and Unix distributions, like Debian.
Discovered by Tobias Mädel, the vulnerability resides in the mod_copy module of the ProFTPD application, a component that allows users to copy files/directories from one place to another on a server without having to transfer the data to the client and back.
According to Mädel, an incorrect access control check in the mod_copy module could be exploited by an authenticated user to copy any file, without authorisation, to a location on the vulnerable FTP server where that user is otherwise not allowed to write.
In rare circumstances, the flaw may also lead to remote code execution or information disclosure attacks.
John Simpson, a security researcher at Trend Micro, told The Hacker News that to successfully achieve remote code execution on a targeted server, an attacker needs to copy a malicious PHP file to a location where it can be executed.
Therefore, it’s important to note that not every FTP server running a vulnerable ProFTPD can be hijacked remotely: the attacker must be able to log in to the targeted server, or the server must have anonymous access enabled.
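A defensive counterpart, added here and not part of the article: a proftpd.conf fragment showing the exposed setup beside a hardened one that switches mod_copy off with its CopyEngine directive. The LoadModule line assumes a DSO build (in a static build the module is compiled in and only the CopyEngine part applies), and the anonymous block is a constructed, typical one.

```apacheconf
# --- Exposed: mod_copy loaded and left at its default (CopyEngine on),
# --- plus an anonymous login, so any client can reach the copy feature.
LoadModule mod_copy.c

<Anonymous ~ftp>
  User      ftp
  Group     ftp
  UserAlias anonymous ftp
</Anonymous>

# --- Hardened: keep the module inert until a fixed build is deployed.
# CopyEngine off disables the server-side copy commands mod_copy adds,
# which removes the path the article describes. The IfModule guard keeps
# the config valid on builds where the module is absent.
<IfModule mod_copy.c>
  CopyEngine off
</IfModule>

# With the module disabled, the remaining exposure is limited to what an
# authenticated user can already do; removing the anonymous block above
# (or keeping it only with strict <Limit> rules) narrows who can log in at all.
```

After editing, reload or restart proftpd so the new directives take effect.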