CVE-2012-6095

Published: Jan 24, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://proftpd.org/docs/NEWS-1.3.5rc1

x_refsource_CONFIRM

[oss-security] 20130107 Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory

mailing-list

x_refsource_MLIST

http://bugs.proftpd.org/show_bug.cgi?id=3841

x_refsource_CONFIRM

51823

third-party-advisory

x_refsource_SECUNIA

DSA-2606

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-6095

Description

Affected Products

References