** Description changed: The CVE-2015-3306 problem is arround for some time now and is not fixed in 12.04 and 14.04 LTS versions. http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3306.html I also tested it with telnet. I can copy files without any authentication if mod_copy is enabled (mod_copy is per default enabled!) The module is very usefull. I would be happy if I can re enable it on my servers. - Debian and other distributions have already fix this in their systems. http://bugs.proftpd.org/show_bug.cgi?id=4169 https://security-tracker.debian.org/tracker/CVE-2015-3306 + https://www.debian.org/security/2015/dsa-3263 Is there a special reason why this still not fixed on the LTS versions of Ubuntu?
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1462311 Title: proftpd mod_copy issue (CVE-2015-3306) To manage notifications about this bug go to: https://bugs.launchpad.net/proftpd-dfsg/+bug/1462311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
