【漏洞情报】ProFTPD远程命令执行漏洞情报

Products
- Recommended
- Cloud Essential Products
- Big Data
- Enterprise Applications
- Developer Services
No results found. Please try re-entering the product name
Popular Products

Elastic Compute Service HOT

Machine Vision HOT

IoT Platform HOT

Dedicated Host

API Gateway

Data Transmission Service

Key Management Service

E-MapReduce

Application Management Service

Latest Products

Voiceprint Recognition NEW

Cloud Digital Signature Service

Resource Orchestration Service

DB Backup and Recovery Service

Database Management Service

Omni-Sinitic

Registration

Recommended Services

Documentation

Partners

Computing

Elastic Compute Service HOT

Elastic GPU Service

Dedicated Host

Auto Scaling

Bare Metal Service

Pingan Kubernetes cluster Service

Storage

Elastic Block Storage

Object Based Storage

CloudNAS

Backup

DB Backup and Recovery Service

Network&CDN

Virtual Private Cloud

Elastic Load Balancing

Internet Gateway

NAT Gateway

Express Connect

VPN Gateway

Content Distribution Network

Security

Ping An Host Security NEW

Web Scan

Web Application Firewall

Ping An Security Center (PSC)

Certificate Authority Service

Security Expert Service

Web Application Firewall ( New )

Mobile Security

Database

RDS-PostgreSQL

RDS-MySQL

Redis

Document Database Service

TiDB

Database Management Service

PingAn Database Audit Service

Data Transmission Service

Advanced Database Service

Big Data Computing

E-MapReduce

Big Data Search and Analysis

Ping An Brain

Log Service

Big Data Application

Nebula BI

Big Data Solutions

Facial Recognition

Fake ID Identification

Voiceprint-based Verification

Domain Name and Website

Domain Name Service

Domain Name Registration NEW

Platform

IoT Platform

Edge Node Service (Beta) NEW

Communications

Direct Mail

Short Message Service

PAVIDEO

Intelligent Management

AnBot

Office Automation

Electronic Voucher Platform Core

Digital Signatures Certification System

ZHI NIAO

RPA Robee

Unified Collaborative Office Platform

Auto Service

Ping An Drive

Management & Monitoring

Key Management Service

Argus

Resource Access Management

Operation System Platform

Middleware

API Gateway

Message Queue

Message Queue Kafka (Beta)

IT Management & Tools

Wizard

ServiceBot

D7 Extended Deployment Automation

LINKDO

Application Management Service

Dynamic Traffic Distribution Platform

WiseAPM

WiseAPM Mobile

WiseAPM Browser

WiseAPM DialTest

WiseAPM Database
Solutions
- Universal Solutions
- Industry Solutions
Enterprise Service Solutions

Unified Platform

Collaborative Office

Swift Website Deployment

Hybrid Cloud Solutions

Cloud Migration

Big Data Solutions

Facial Recognition

Fake ID Identification

AI Solutions

AI-Smart Home

Security Solutions

Universal Security

Financial Cloud Security

Private Cloud Solutions

Ping An Private Cloud NEW

Financial Solutions

Bank

Insurance

Investment

Internet Finance

Smart City Solutions

Smart Public Security

Smart Penitentiary

Smart Airport

Smart Port

Smart Traffic

Smart Higher Education

Smart Community

Smart Building

Smart Scenic Areas

Smart Environment Protection

Medical Solutions

Smart Medical Platform

PACS Cloud Solution for Medical Imagery

Medical Active-Standby Cloud system
Customers
Pricing
Partners
Documentation
About Us

首页
安全公告
公告详情

【漏洞情报】ProFTPD远程命令执行漏洞情报

【漏洞详情】

ProFTPd是一个开源和跨平台的FTP服务软件。近日，ProFTPd 官方修复了一个任意文件复制漏洞（CVE-2019-12815），该漏洞源于mod_copy模块中的自定义SITE CPFR和SITE CPTO操作，通过向ProFTPd发出这两个命令，攻击者可以在未经许可的情况下复制FTP服务器上的任何文件。

【风险评级】

高危

【影响范围】

ProFTPd <= 1.3.5b

【修复建议】

建议受影响用户综合评估漏洞风险和业务影响，可通过升级如下方案修复此漏洞，

方案一，升级1.3.5版本补丁，下载地址：https://github.com/proftpd/proftpd/pull/816/commits/71cd49ea82313f78d52a52d0c628a3770dc96608；

方案二，安装1.3.6安全版本，下载地址：https://github.com/proftpd/proftpd/releases。

【参考链接】

http://bugs.proftpd.org/show_bug.cgi?id=4372

特别提醒：修复漏洞前请进行充分测试，并务必做好数据备份和快照，防止出现意外。

平安云

2019年7月24日

上一条公告【漏洞情报】Xstream 1.4.10远程代码执行漏洞情报

下一条公告【漏洞情报】Jackson反序列化远程代码执行漏洞情报