CVE-2015-3306 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
proftpd	proftpd	1.3.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

proftpd-dfsg

bookworm	1.3.8+dfsg-4+deb12u3 fixed
bullseye	1.3.7a+dfsg-12+deb11u2 fixed
sid	1.3.8.b+dfsg-3 fixed
squeeze	not-affected
trixie	1.3.8.b+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

proftpd-dfsg

lucid	ignored
precise	Fixed 1.3.4a-1ubuntu0.1 released
trusty	Fixed 1.3.5~rc3-2.1ubuntu2.1 released
utopic	ignored
vivid	Fixed 1.3.5-1.1+deb8u1build0.15.04.1 released
wily	not-affected
xenial	not-affected
yakkety	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157581.html

http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html

http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html

http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.html

http://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.html

http://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.html

http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html

http://www.debian.org/security/2015/dsa-3263

http://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_modcopy_exec

http://www.securityfocus.com/bid/74238

https://www.exploit-db.com/exploits/36742/

https://www.exploit-db.com/exploits/36803/

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157581.html

http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html

http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html

http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.html

http://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.html

http://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.html

http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html

http://www.debian.org/security/2015/dsa-3263

http://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_modcopy_exec

http://www.securityfocus.com/bid/74238

https://www.exploit-db.com/exploits/36742/

https://www.exploit-db.com/exploits/36803/