CVE-2015-3306 Scanner
Detects the 'Remote Code Execution (RCE)' vulnerability in ProFTPD that affects v. 1.3.5.
Short Info
Level: Critical
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Scan only one: Url
Parent Category
CVE-2015-3306 Scanner Detail
ProFTPD is a widely-used open-source FTP server software designed to serve files to multiple clients over the internet or a local area network. This software runs on various operating systems such as Windows, macOS, and Linux. The FTP server can be configured to allow anonymous access or authenticated access with a username and password.
However, a critical vulnerability was detected in the mod_copy module of ProFTPD 1.3.5, identified as CVE-2015-3306. This vulnerability permits remote attackers to read and write arbitrary files on the server via the site cpfr and site cpto commands. The root cause of the vulnerability is insufficient sanitization of user-provided input on the server side.
Exploitation of CVE-2015-3306 permits a remote attacker to access system files that could give them access to sensitive information such as login credentials, financial records, and other confidential data. Hackers can also leverage this vulnerability to install malicious software on the attacked system, leading to compromise of system integrity and total control over the network.
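For asset owners reviewing FTP command logs, the following added example (not part of this scanner or of ProFTPD) flags site cpfr / site cpto use and rates it by whether the session had logged in, since mod_copy in the affected version accepts these commands before login. The log layout, the sample lines and the names `find_mod_copy_use` and `Finding` are assumptions made for the example.

```python
import re
from collections import namedtuple

# Constructed sample lines in an ASSUMED log layout (not a ProFTPD default):
#   <timestamp> <session-id> <client-ip> "<command line>" <reply-code>
# Adapt LINE_RE to whatever LogFormat your server actually writes.
SAMPLE_LOG = """\
2015-04-20T10:00:01Z s1 198.51.100.7 "USER alice" 331
2015-04-20T10:00:02Z s1 198.51.100.7 "PASS (hidden)" 230
2015-04-20T10:00:05Z s1 198.51.100.7 "SITE CPFR /srv/ftp/report.txt" 350
2015-04-20T10:00:06Z s1 198.51.100.7 "SITE CPTO /srv/ftp/report.bak" 250
2015-04-20T10:02:11Z s2 203.0.113.9 "SITE CPFR /srv/data/app.cfg" 350
2015-04-20T10:02:12Z s2 203.0.113.9 "site cpto /tmp/out" 250
2015-04-20T10:03:40Z s3 203.0.113.9 "SITE CPFR /srv/data/app.cfg" 530
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)" (\d{3})$')
COPY_RE = re.compile(r'^SITE\s+(CPFR|CPTO)\b', re.IGNORECASE)
Finding = namedtuple("Finding", "session client command reply severity")

def find_mod_copy_use(log_text):
    """Return a Finding for every SITE CPFR/CPTO command in the log."""
    authed = set()      # sessions that completed a login (PASS answered 230)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue    # skip lines that do not fit the assumed layout
        _ts, session, client, command, reply = m.groups()
        if command.upper().startswith("PASS") and reply == "230":
            authed.add(session)
            continue
        if not COPY_RE.match(command):
            continue
        if session in authed:
            severity = "review"      # logged-in use of mod_copy: check intent
        elif reply[0] in "23":
            severity = "critical"    # server honoured a pre-login copy command
        else:
            severity = "blocked"     # pre-login attempt that the server refused
        findings.append(Finding(session, client, command, reply, severity))
    return findings

if __name__ == "__main__":
    for f in find_mod_copy_use(SAMPLE_LOG):
        print(f.severity, f.session, f.client, f.command, f.reply)
```

A "critical" finding means the server accepted the command without a login, which indicates an unpatched mod_copy; "blocked" entries are still worth correlating by client address.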
In conclusion, securityforeveryone.com is the ideal platform for anyone interested in learning more about vulnerabilities in digital assets. Thanks to our innovative security features, you can quickly identify and fix vulnerabilities in your digital assets. With our advanced monitoring tools, you can detect and remediate security incidents before they cause significant damage. Trust us to secure your digital assets today.