The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "proftpd-basic", "binary_version": "1.3.5~rc3-2.1ubuntu2.1" }, { "binary_name": "proftpd-dev", "binary_version": "1.3.5~rc3-2.1ubuntu2.1" }, { "binary_name": "proftpd-doc", "binary_version": "1.3.5~rc3-2.1ubuntu2.1" }, { "binary_name": "proftpd-mod-geoip", "binary_version": "1.3.5~rc3-2.1ubuntu2.1" }, { "binary_name": "proftpd-mod-ldap", "binary_version": "1.3.5~rc3-2.1ubuntu2.1" }, { "binary_name": "proftpd-mod-mysql", "binary_version": "1.3.5~rc3-2.1ubuntu2.1" }, { "binary_name": "proftpd-mod-odbc", "binary_version": "1.3.5~rc3-2.1ubuntu2.1" }, { "binary_name": "proftpd-mod-pgsql", "binary_version": "1.3.5~rc3-2.1ubuntu2.1" }, { "binary_name": "proftpd-mod-sqlite", "binary_version": "1.3.5~rc3-2.1ubuntu2.1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "proftpd-basic", "binary_version": "1.3.5-2" }, { "binary_name": "proftpd-dev", "binary_version": "1.3.5-2" }, { "binary_name": "proftpd-doc", "binary_version": "1.3.5-2" }, { "binary_name": "proftpd-mod-geoip", "binary_version": "1.3.5-2" }, { "binary_name": "proftpd-mod-ldap", "binary_version": "1.3.5-2" }, { "binary_name": "proftpd-mod-mysql", "binary_version": "1.3.5-2" }, { "binary_name": "proftpd-mod-odbc", "binary_version": "1.3.5-2" }, { "binary_name": "proftpd-mod-pgsql", "binary_version": "1.3.5-2" }, { "binary_name": "proftpd-mod-sqlite", "binary_version": "1.3.5-2" } ] }