Symlink Race Condition in ProFTPD with UserOwner Directive
CVE-2012-6095

Currently unrated

Key Information:

Vendor: Proftpd
Status: Proftpd
Vendor: CVE Published:; 24 January 2013

What is CVE-2012-6095?

A vulnerability exists in ProFTPD prior to version 1.3.5rc1, where the UserOwner directive enables local users to exploit a race condition. By leveraging symlink attacks on the MKD or XMKD commands, these users can gain unauthorized control over the ownership of arbitrary files. This poses significant risks to file integrity and system security.

References

http://proftpd.org/docs/NEWS-1.3.5rc1

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2013/01/07/3

mailing-listx_refsource_MLIST

http://bugs.proftpd.org/show_bug.cgi?id=3841

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 24, 2013
Vulnerability Reserved
Dec 6, 2012

JSON

Proftpd

What is CVE-2012-6095?

References

Timeline