Published: 24/01/2013 Updated: 25/01/2013
CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9
VMScore: 107
Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

ProFTPD prior to 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Affected Products

Vendor | Product | Versions
Proftpd | Proftpd | 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4

Vendor Advisories

Debian Bug report logs - #697524 proftpd-basic: CVE-2012-6095: Possible symlink race when applying UserOwner. Package: proftpd-basic; Maintainer for proftpd-basic is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>; Source for proftpd-basic is src:proftpd-dfsg. Reported by: Jann ...
It has been discovered that in ProFTPd, an FTP server, an attacker on the same physical host as the server may be able to perform a symlink attack allowing to elevate privileges in some configurations. For the stable distribution (squeeze), this problem has been fixed in version 1.3.3a-6squeeze6. For the testing distribution (wheezy), this problem ...