CVE-2012-6095
ProFTPD < 1.3.5rc1 - Race Condition via MKD/XMKD Symlink Attack
Title source: llmDescription
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://proftpd.org/docs/NEWS-1.3.5rc1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/01/07/3
Various Sources x_refsource_confirm
http://bugs.proftpd.org/show_bug.cgi?id=3841
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51823
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2606
Scores
EPSS
0.0069
EPSS Percentile
48.2%
Details
CWE
CWE-362
Status
published
Products (14)
proftpd/proftpd
1.2.0 (6 CPE variants)
proftpd/proftpd
1.2.1
proftpd/proftpd
1.2.2 (4 CPE variants)
proftpd/proftpd
1.2.3
proftpd/proftpd
1.2.4
proftpd/proftpd
1.2.5 (4 CPE variants)
proftpd/proftpd
1.2.6 (3 CPE variants)
proftpd/proftpd
1.2.7 (4 CPE variants)
proftpd/proftpd
1.2.8 (3 CPE variants)
proftpd/proftpd
1.2.9 (4 CPE variants)
... and 4 more
Published
Jan 24, 2013
Tracked Since
Feb 18, 2026