Resolved Bugs
1212386 – CVE-2015-3306 proftpd: unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy
1212388 – CVE-2015-3306 proftpd: unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy [fedora-all]<br
Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module’s SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by *unauthenticated clients*
Upstream report:
http://bugs.proftpd.org/show_bug.cgi?id=4169
This update contains a backported fix for this issue.
Note that mod_copy is not loaded/enabled by default in the Fedora package.