
[Alert] ProFTPD Remote Code Execution Vulnerability

Jul 25, 2019 GMT+08:00

I. Overview

HUAWEI CLOUD has recently noticed that a remote code execution vulnerability (CVE-2019-12815) in ProFTPD has been disclosed. ProFTPD is an open-source, cross-platform FTP server. Attackers can exploit this vulnerability to remotely execute arbitrary code without authenticating or holding any ProFTPD user permission.

ProFTPD is a popular FTP server with a large user base worldwide. This vulnerability affects all ProFTPD versions.

Official announcement: http://bugs.proftpd.org/show_bug.cgi?id=4372

II. Severity

Severity: important

(Severity scale: low, moderate, important, critical)

III. Affected Products

ProFTPD 1.3.6 and earlier versions are affected.

IV. Workarounds

No official ProFTPD release containing a fix for this bug is available yet. As a temporary hardening measure, affected users can disable the mod_copy module in the configuration file.

Perform the hardening according to the following procedure:

1. Locate and edit the configuration file.

Default configuration file path (Ubuntu): /etc/proftpd/modules.conf

Default configuration file path (CentOS): /etc/proftpd.conf

2. Comment out the line that loads mod_copy:

# LoadModule mod_copy.c

3. Restart the FTP service for the change to take effect:

service proftpd restart
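The three steps above as one script, added here as an example; it is not part of the HUAWEI CLOUD notice or the ProFTPD project's own tooling. It assumes the caller supplies the configuration file path (the Ubuntu and CentOS paths from step 1 are the usual candidates), keeps a backup before editing, as the note below advises, and runs on a constructed sample file so it can be tried offline. The restart is a separate function that is skipped when no proftpd binary is installed.

```shell
#!/bin/sh
# Added example, not Huawei Cloud's or the ProFTPD project's own tooling.
# Disables mod_copy in a ProFTPD configuration file by commenting out the
# "LoadModule mod_copy.c" line, keeping a backup, and reports whether the
# module was loaded. The config path is an assumption passed by the caller;
# the sample config at the bottom is constructed for demonstration only.

# Pattern for an active (uncommented) LoadModule line for mod_copy,
# tolerating leading whitespace and extra spaces before the module name.
MOD_COPY_RE='^[[:space:]]*LoadModule[[:space:]]\{1,\}mod_copy\.c'

# Return 0 if the config still loads mod_copy, 1 otherwise.
mod_copy_enabled() {
    grep -q "$MOD_COPY_RE" "$1"
}

# Comment out the mod_copy LoadModule line. Prints "disabled" when a change
# was made, "not-loaded" when no active line was found (already hardened,
# or mod_copy was compiled in statically and cannot be disabled this way).
disable_mod_copy() {
    conf="$1"
    if mod_copy_enabled "$conf"; then
        cp "$conf" "$conf.bak"    # keep a backup, as the notice advises
        # Write to a temp file instead of 'sed -i' so any POSIX sed works.
        sed 's/^\([[:space:]]*\)\(LoadModule[[:space:]]\{1,\}mod_copy\.c\)/\1# \2/' \
            "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
        echo "disabled"
    else
        echo "not-loaded"
    fi
}

# Syntax-check the edited configuration (proftpd -t) before restarting
# (step 3). Only attempted when the proftpd binary is present, so the demo
# below never touches a live service.
restart_proftpd() {
    conf="$1"
    if command -v proftpd >/dev/null 2>&1; then
        proftpd -t -c "$conf" && service proftpd restart
    else
        echo "proftpd not installed here; skipping restart"
    fi
}

# Demo on a constructed modules.conf-style file (not a real system path).
demo_conf=$(mktemp)
printf 'LoadModule mod_ctrls_admin.c\nLoadModule mod_copy.c\n# LoadModule mod_ban.c\n' > "$demo_conf"
echo "before: mod_copy $(mod_copy_enabled "$demo_conf" && echo enabled || echo disabled)"
echo "result: $(disable_mod_copy "$demo_conf")"
echo "after:  mod_copy $(mod_copy_enabled "$demo_conf" && echo enabled || echo disabled)"
rm -f "$demo_conf" "$demo_conf.bak"
```

If the script reports "not-loaded" on a server that has not been hardened yet, check whether mod_copy was compiled into the binary rather than loaded as a DSO (`proftpd -l` lists the compiled-in modules); in that case commenting out a LoadModule line cannot remove it, and a rebuild without mod_copy or an upgrade to a fixed release is required. Run the real restart only after `proftpd -t` reports the edited file as valid, otherwise a syntax error would leave the FTP service down.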

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.