ProFTPD Vulnerability Can Expose Servers to Attacks

A security hole affecting the free and open source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and possibly execute arbitrary code.


ProFTPD is advertised as a “high-performance, extremely configurable, and most of all a secure FTP server.” ProFTPD is used by many projects and organizations, including SourceForge, Samba, and Linksys, and it’s available in many Linux and Unix distributions.


Germany-based researcher Tobias Mädel discovered that the software is affected by a vulnerability related to the mod_copy module, which implements commands for copying files and folders on the same server without first transferring the data to the client. The module is enabled by default in most operating systems.


Mädel told SecurityWeek that exploitation of the vulnerability requires access (at least anonymous access) to the targeted machine.


“Attacks could be made (for example) on Open Source mirror servers,” the researcher explained. “These have anonymous access enabled, often use ProFTPd and host a lot of binary files. A malicious actor would need to get his malicious file to this machine somehow (for example by distributing it at some unrelated project which is also mirrored on this server) and can then override any file on the mirror server with this (infected) version. This could be used to swap out .iso files or .exe installers where no strict validations (like GPG signatures on apt repositories) are in place.”
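The copy commands mod_copy adds are server-side, so the only trace of the scenario above on the mirror is in the FTP server's own logs. The following detection script is an added example written for this article, not code from the researcher or the ProFTPD project. It assumes a hypothetical ProFTPD `ExtendedLog` written with `LogFormat copyaudit "%a %u %r %s"` (client address, login name, raw command, reply code), and the log lines embedded in it are constructed. It pairs each accepted `SITE CPFR` (source) with the `SITE CPTO` (destination) that follows it in the same session and raises an alert when the login was anonymous or the destination looks like a distributed installer or image:

```python
import re
from typing import Dict, List

# Constructed sample ExtendedLog lines (not from the article). They assume the
# hypothetical ProFTPD LogFormat
#     LogFormat copyaudit "%a %u %r %s"
# i.e. client address, login name, raw command line, 3-digit reply code.
SAMPLE_LOG = """\
203.0.113.7 anonymous USER anonymous 331
203.0.113.7 anonymous CWD /pub/mirror 250
203.0.113.7 anonymous SITE CPFR /pub/mirror/other-project/payload.bin 350
203.0.113.7 anonymous SITE CPTO /pub/mirror/distro/installer.exe 250
198.51.100.9 alice RETR /pub/mirror/distro/README 226
198.51.100.9 alice SITE CPFR /home/alice/notes.txt 350
198.51.100.9 alice SITE CPTO /home/alice/notes.bak 250
203.0.113.7 anonymous SITE CPFR /pub/mirror/missing.bin 550
"""

LINE_RE = re.compile(r"^(?P<addr>\S+) (?P<user>\S+) (?P<cmd>.+?) (?P<code>\d{3})$")
ANONYMOUS_LOGINS = {"anonymous", "ftp"}
# Constructed heuristic: file types that clients execute or boot from.
ARTIFACT_SUFFIXES = (".iso", ".exe", ".msi", ".deb", ".rpm", ".img")


def find_copies(log_text: str) -> List[Dict[str, str]]:
    """Pair each accepted SITE CPFR with the successful SITE CPTO that follows
    it in the same (client address, login) session; return the copies made."""
    pending: Dict[tuple, str] = {}  # session -> source path armed by CPFR
    copies: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        session = (m["addr"], m["user"])
        cmd, code = m["cmd"], m["code"]
        if cmd.upper().startswith("SITE CPFR "):
            # 350 means the server accepted the source; any other reply
            # (e.g. 550 for a missing file) leaves no copy armed.
            if code == "350":
                pending[session] = cmd[len("SITE CPFR "):]
            else:
                pending.pop(session, None)
        elif cmd.upper().startswith("SITE CPTO ") and code == "250":
            src = pending.pop(session, None)
            if src is not None:
                copies.append({"addr": m["addr"], "user": m["user"],
                               "src": src, "dst": cmd[len("SITE CPTO "):]})
    return copies


def flag_copies(copies: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return the server-side copies worth alerting on: any made by an
    anonymous login, and any whose destination is a distributable artifact."""
    alerts: List[Dict[str, object]] = []
    for c in copies:
        reasons = []
        if c["user"].lower() in ANONYMOUS_LOGINS:
            reasons.append("anonymous login used mod_copy")
        if c["dst"].lower().endswith(ARTIFACT_SUFFIXES):
            reasons.append("destination overwrites a distributable artifact")
        if reasons:
            alerts.append({**c, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in flag_copies(find_copies(SAMPLE_LOG)):
        print(f"{a['addr']} {a['user']}: {a['src']} -> {a['dst']} "
              f"({'; '.join(a['reasons'])})")
```

On the constructed input only the anonymous session's copy is reported, with both reasons attached; alice's copy within her own home directory passes, and the anonymous `CPFR` that was rejected with 550 arms nothing. Detection is a stopgap: a mirror that does not need server-side copying can deny the commands outright in the ProFTPD configuration with a `<Limit SITE_CPFR SITE_CPTO>` block containing `DenyAll`, or leave mod_copy unloaded, alongside upgrading to a fixed release.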


Another attack scenario described by the expert leverages auto-updaters. He discovered that Gajim, a popular open source XMPP client that used ProFTPD on its update server, allowed attackers to upload arbitrary ..
