CVE-2012-6095

Published: 24 January 2013

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Priority

Medium

Status

Package Release Status
proftpd-dfsg
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.4a-3)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1.3.4a-3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1.3.4a-3])
Patches:
Vendor: http://www.debian.org/security/2013/dsa-2606