CVE-2015-3306
proftpd-dfsg - security update
EPSS 93.8%
Description
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
How to fix CVE-2015-3306
To remediate CVE-2015-3306, upgrade the affected package to a fixed version below.
- Debian/proftpd-dfsg—upgrade to 1.3.5-2 or later
- Debian/proftpd-dfsg—upgrade to 1.3.4a-5+deb7u3 or later
Is CVE-2015-3306 being exploited?
Likely — EPSS is 93.8%, placing CVE-2015-3306 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 1.3.5-2
- from 0, < 1.3.4a-5+deb7u3