CVE-2024-48651: ProFTPD Vulnerability Grants Root Access to Attackers
A serious security vulnerability has been discovered in the ProFTPD FTP server software, potentially allowing attackers to gain unauthorized root access on systems running versions 1.3.8b and earlier. The flaw, identified as CVE-2024-48651 with a CVSS score of 7.5, stems from improper handling of supplemental groups in the mod_sql component. The issue has been addressed with a patch, and administrators are advised to update their software or recompile it from the patched source to prevent potential compromise. Although FTP usage is declining, approximately 800,000 servers globally, particularly in Germany, the USA, and France, remain at risk. Organizations are also advised to move to more secure file transfer protocols such as SFTP or FTPS to improve their security posture.
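For triaging an inventory against the "1.3.8b and earlier" range stated above, the following added example (not code from the ProFTPD project or from this advisory) classifies version strings taken from FTP banners or version output. The banner formats, the sample lines and the four result labels are assumptions made for this example. A build recompiled from the patched source can still report an old version, so "affected" means "verify the build and whether mod_sql is in use", not "confirmed vulnerable".

```python
import re

LAST_AFFECTED = "1.3.8b"  # highest version the page lists as affected

# Matches "ProFTPD 1.3.8b" (FTP banner) and "ProFTPD Version 1.3.8b" (version output).
_FIND = re.compile(r"ProFTPD(?:\s+Version)?\s+(\d+\.\d+\.\d+(?:rc\d+|[a-z])?)\b", re.I)
_PARTS = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+)|([a-z]))?$")


def version_key(version):
    """Sortable key: 1.3.8rc1 < 1.3.8 < 1.3.8a < 1.3.8b < 1.3.9rc1 < 1.3.9."""
    m = _PARTS.match(version.lower())
    if not m:
        return None
    major, minor, patch, rc, letter = m.groups()
    # Release candidates sort before the final release, maintenance letters after it.
    stage = (0, int(rc)) if rc else (1, 0)
    return (int(major), int(minor), int(patch), stage, letter or "")


def classify(line):
    """Return 'affected', 'review', 'above-range' or 'unknown' for one line of text."""
    found = _FIND.search(line)
    if not found:
        return "unknown"  # version hidden or not ProFTPD: a banner cannot clear the host
    key = version_key(found.group(1))
    if key <= version_key(LAST_AFFECTED):
        return "affected"
    if key[3][0] == 0:
        return "review"  # pre-release above 1.3.8b: the page's range does not cover it
    return "above-range"


# Constructed sample inventory lines (documentation addresses, not real hosts).
SAMPLES = [
    "220 ProFTPD 1.3.8b Server (ProFTPD) [192.0.2.10]",
    "ProFTPD Version 1.3.8",
    "220 ProFTPD 1.3.7rc2 Server (files) [192.0.2.11]",
    "ProFTPD Version 1.3.9rc2",
    "220 ProFTPD 1.3.8c Server (ProFTPD) [192.0.2.12]",
    "220 ProFTPD Server (ProFTPD Default Installation) [192.0.2.13]",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):12} {line}")
```

Hosts reported as "unknown" or "review" still need a direct check of the installed package, because a hidden or pre-release version string says nothing about whether the patch is present.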