Warning when using ProFTPD

This is a security alert, if you are running an FTP server that is using ProFTPD and are using the mod_copy setting.

A serious security issue was found in ProFTPD which allows copying of files such as /etc/passwd or wp-config.php even without authentication. This is a serious issue. Some Servers have already been reported as compromised.

This Vulnerability has been assigned the code CVE-2015-3306.

To check if your FTP Server is vulnerable, I have just added a new Security Check module called “ProFTPD mod_copy exploit (CVE-2015-3306)“.

Just perform a Data Update from the Settings Screen and perform a Data update. After the Update you can select that new test in the Security Check Tool. To run the test, you need to enter the IP address of the server you like to check. The port can be left blank and is optional.

If your server is vulnerable you should either remove the line

LoadModule mod_copy.c

in

/etc/proftpd/modules.conf

or completely stop the ProFTPD service on your server. As per today, there is only a quick patch available for ProFTPD which requires to compile ProFTPD on your server. I would not recommend to use FTP anyway. Instead use SSH/SFTP.

Don’t trust the evil!

Good luck!

Marcus