• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

critical issue: Plesk 11.09-proftp Update to 1.3.5 or 1.3.4e possible?

G

GerdSchrewe

Basic Pleskian
Ubuntu 12.04, Plesk 11.09 mu63
proftp Version 1.3.4
Vadim Melihow reported a critical issue with proftpd installations that use the
mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands
to be used by *unauthenticated clients*:

How can i update proftp?
Will paralleles offer a fix?

Unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy
Reported: 2015-04-07 16:35 UTC by TJ Saunders
Modified: 2015-04-15 17:53 UTC (History)
http://bugs.proftpd.org/show_bug.cgi?id=4169


Thanx a lot for help!
 
You must log in or register to reply here.

Similar threads

J
Critical security issue in Plesk 10 Proftpd
Replies
12
Views
9K
madsere
madsere
Back
Top