This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="201908-16">
<title>ProFTPD: Remote code execution</title>
<synopsis>A vulnerability in ProFTPD could result in the arbitrary execution
of code.
</synopsis>
<producttype="ebuild">proftpd</product>
<announced>2019-08-15</announced>
<revisedcount="1">2019-08-15</revised>
<bug>690528</bug>
<access>remote</access>
<affected>
<packagename="net-ftp/proftpd"auto="yes"arch="*">
<unaffectedrange="ge">1.3.6-r5</unaffected>
<vulnerablerange="lt">1.3.6-r5</vulnerable>
</package>
</affected>
<background>
<p>ProFTPD is an advanced and very configurable FTP server.</p>
</background>
<description>
<p>It was discovered that ProFTPD’s “mod_copy” module does not
properly restrict privileges for anonymous users.
</p>
</description>
<impacttype="high">
<p>A remote attacker, by anonymously uploading a malicious file, could
possibly execute arbitrary code with the privileges of the process, cause
a Denial of Service condition or disclose information.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All ProFTPD users should upgrade to the latest version:</p>