Vulnerability in ProFTPD Powered by FTP servers

  • CERT Admin
  • Thu Jul 25 2019
  • Alerts

Systems Affected 

All versions of ProFTPd including the latest 1.3.6 version

Threat Level



An Attacker could use this vulnerability to perform arbitrary file copy and which could lead to remote code execution.


According to the advisory the vulnerability resides in the mod_copy module of ProFTPD application. ProFTPD is widely used in popular businesses and websites including SourceForge, Samba, Slackware and comes pre-installed with many Linux distributions like debian. Mod_copy module allow users to copy files and directories from one place to another on a server without having to transfer the data to the client and back.

The vulnerability will allow an authentic user to unauthorizdly copy files on a specific location of the server where the user is not given the permission. This flaw could lead into remote code execution or information disclosure.

It is important to notice that not every FTP server running ProFTPD can be hijacked remotely, since the attacker requires log-in to the respective targeted server or server should have anonymous access enabled.


  ✦  Execute arbitrary code
  ✦  Take control of the whole system (Apple computer)
  ✦  Data modifications
  ✦  Information Disclosure

Solution/ Workarounds 

  ✦  ProFTPD project maintain team did not take any action up to today. Workaround option would be disable mod_copy module in the ProFTPD configuration file.




The information provided herein is on "as is" basis, without warranty of any kind.

Last updated: Thu Jul 25 2019