=== Starting vulnerable ProFTPD (v1.3.9b) on port 2121 ===
Server listening on port 2121
=== Running vulnerable tests ===
Logged in as vscode
[ VULN ] RNFR exploit
RNFR response: 350 File or directory exists, ready for destination name
RNFR/RNTO allowed
[ VULN ] DELE variant
DELE allowed
Vulnerable results: {'vuln_rnfr': 'ALLOWED', 'vuln_dele': 'ALLOWED'}

=== Starting patched ProFTPD (v1.3.9b + proposed RNFR fix) on port 2122 ===
Server listening on port 2122
=== Running patched tests ===
Logged in as vscode
[ PATCHED ] RNFR exploit (should be blocked)
RNFR denied: 550 /proc/self/root/data/pruva/runs/6c58a5e9-ad13-4784-a1dd-3203170b92c6/bundle/artifacts/ftp-root-patched/protected/secret.txt: Operation not permitted
[ PATCHED ] DELE variant (should still bypass)
DELE allowed
Patched results: {'patched_rnfr': 'DENIED', 'patched_dele': 'ALLOWED'}
BYPASS CONFIRMED: proposed RNFR fix leaves DELE path open

=== Variant reproduction completed: bypass confirmed ===