Reference: Advisory #2024-282
Version: 1.0
Affected software: ProFTPD
Type: Improper Privilege Management (CWE-269)
CVE/CVSS: CVE-2024-48651, CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
A high-severity vulnerability has been discovered in ProFTPD, a widely used FTP server. The flaw can allow an attacker to obtain access privileges the server never intended to grant. It is a defect in the server's supplemental-group handling, not a configuration error.
In ProFTPD through 1.3.8b before commit cec01cc, supplemental group inheritance grants unintended access to GID 0 because mod_sql does not supply supplemental groups.
In other words, the issue stems from incorrect handling of supplemental groups, the additional group memberships a user holds beyond the primary group. When a user is authenticated through mod_sql and no supplemental groups are supplied for that user, vulnerable versions do not reset the supplemental group list of the session process, so it keeps the groups inherited from the root-owned daemon, including GID 0 (root). Files and directories readable by group root then become accessible to such users, which matches the confidentiality impact in the CVSS vector. Deployments that perform user lookups via mod_sql are the affected configuration.
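The symptom described above is observable on a running host: a ProFTPD session process that has already switched to an unprivileged UID but still lists 0 in the "Groups:" line of its /proc/<pid>/status file. The script below is an added example written for this advisory, not CCB or ProFTPD code. It assumes a Linux /proc layout, that the session processes are named "proftpd" (the default binary name; adjust for your distribution), and that pgrep and awk are available. The two status snippets at the bottom are constructed for demonstration and were not captured from a real host.

```shell
#!/bin/sh
# Added example (not CCB or ProFTPD code): flag processes whose supplemental
# groups include GID 0 by parsing the "Groups:" line of /proc/<pid>/status.

# Return 0 if the given /proc status text lists GID 0 as a supplemental group.
# $1: the full contents of a /proc/<pid>/status file.
status_has_root_supp_group() {
    printf '%s\n' "$1" | awk '
        /^Groups:/ {
            for (i = 2; i <= NF; i++) if ($i == "0") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Return the effective UID recorded in a /proc status text (third field of "Uid:").
status_euid() {
    printf '%s\n' "$1" | awk '/^Uid:/ { print $3 }'
}

# Print the PIDs of running proftpd processes that no longer run as root but
# still carry GID 0 in their supplemental groups. The master daemon legitimately
# runs as root and is skipped; an unprivileged session process reported here
# shows the group leak this advisory describes.
find_proftpd_sessions_with_root_group() {
    for pid in $(pgrep -x proftpd 2>/dev/null); do
        status=$(cat "/proc/$pid/status" 2>/dev/null) || continue
        [ "$(status_euid "$status")" = "0" ] && continue
        if status_has_root_supp_group "$status"; then
            echo "$pid"
        fi
    done
}

# Constructed sample status snippets (not real captures) for demonstration.
SAMPLE_LEAKED='Name:	proftpd
Uid:	1001	1001	1001	1001
Gid:	1001	1001	1001	1001
Groups:	0 1001 '

SAMPLE_CLEAN='Name:	proftpd
Uid:	1001	1001	1001	1001
Gid:	1001	1001	1001	1001
Groups:	1001 '

# Stand-alone demonstration on the constructed samples; pass --scan to inspect
# the live system instead.
if [ "${1:-}" = "--scan" ]; then
    find_proftpd_sessions_with_root_group
else
    if status_has_root_supp_group "$SAMPLE_LEAKED"; then
        echo "leaked sample: GID 0 present in supplemental groups"
    fi
    if status_has_root_supp_group "$SAMPLE_CLEAN"; then
        echo "clean sample: GID 0 present in supplemental groups"
    else
        echo "clean sample: no GID 0"
    fi
fi
```

Run it with --scan while a mod_sql-authenticated user is logged in; any PID printed is a session that has dropped root for its UID but not for its supplemental groups. An empty result after updating is one way to confirm the fix is actually in the binary you are running, since the fix is identified by a commit rather than by a release number.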
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates on vulnerable systems with the highest priority, after thorough testing. Because the fix is identified by a commit (cec01cc) rather than a numbered release, verify that your distribution's ProFTPD package has backported it, or build from a source tree that contains it.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.