A vulnerability in ProFTPD could result in the arbitrary execution of code.
|Package||net-ftp/proftpd on all architectures|
|Affected versions||< 1.3.6-r5|
|Unaffected versions||>= 1.3.6-r5|
ProFTPD is an advanced and very configurable FTP server.
It was discovered that ProFTPD’s “mod_copy” module does not properly restrict privileges for anonymous users.
A remote attacker, by anonymously uploading a malicious file, could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or disclose information.
There is no known workaround at this time.
All ProFTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.6-r5"
August 15, 2019
August 15, 2019: 1