Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 1.2
CVE Id: CVE-2012-6095
Last Modified: 25 Jan 2013 12:00:00
Published: 24 Jan 2013 04:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE

CVE-2012-6095

Summary

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Vulnerable Systems

Application

  • ProFTPD 1.2.0
  • ProFTPD 1.2.1
  • ProFTPD 1.2.10
  • ProFTPD 1.2.2
  • ProFTPD 1.2.3
  • ProFTPD 1.2.4
  • ProFTPD 1.2.5
  • ProFTPD 1.2.6
  • ProFTPD 1.2.7
  • ProFTPD 1.2.8
  • ProFTPD 1.2.9
  • ProFTPD 1.3.0
  • ProFTPD 1.3.1
  • ProFTPD 1.3.2
  • ProFTPD 1.3.3
  • ProFTPD 1.3.4


References

MLIST - [oss-security] 20130107 Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory

DEBIAN - DSA-2606

SECUNIA - 51823

CONFIRM - http://proftpd.org/docs/NEWS-1.3.5rc1

CONFIRM - http://bugs.proftpd.org/show_bug.cgi?id=3841


Last Updated: 27 May 2016 11:01:43