Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
1.2
CVSSv2

CVE-2012-6095

Published: 24/01/2013 Updated: 25/01/2013
CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9
VMScore: 109
Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N
Subscribe to Proftpd

Vulnerability Summary

ProFTPD prior to 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Vulnerable Product Search on Vulmon Subscribe to Product

proftpd proftpd

proftpd proftpd 1.3.4

proftpd proftpd 1.3.2

proftpd proftpd 1.3.0

proftpd proftpd 1.2.2

proftpd proftpd 1.2.8

proftpd proftpd 1.2.7

proftpd proftpd 1.2.10

proftpd proftpd 1.3.3

proftpd proftpd 1.2.5

proftpd proftpd 1.2.4

proftpd proftpd 1.2.1

proftpd proftpd 1.2.0

proftpd proftpd 1.2.9

proftpd proftpd 1.2.6

proftpd proftpd 1.3.1

proftpd proftpd 1.2.3

Vendor Advisories

Debian CVElist Bug Report Logs: proftpd-basic: CVE-2012-6095: Possible symlink race when applying UserOwner
Debian Bug report logs - #697524 proftpd-basic: CVE-2012-6095: Possible symlink race when applying UserOwner Package: proftpd-basic; Maintainer for proftpd-basic is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-listsdebiannet>; Source for proftpd-basic is src:proftpd-dfsg (PTS, buildd, popcon) Reported by: Jann ...
Debian Security Advisories: DSA-2606-1 proftpd-dfsg -- symlink race
It has been discovered that in ProFTPd, an FTP server, an attacker on the same physical host as the server may be able to perform a symlink attack allowing to elevate privileges in some configurations For the stable distribution (squeeze), this problem has been fixed in version 133a-6squeeze6 For the testing distribution (wheezy), this problem ...

References

CWE-362http://proftpd.org/docs/NEWS-1.3.5rc1http://secunia.com/advisories/51823http://www.openwall.com/lists/oss-security/2013/01/07/3http://www.debian.org/security/2013/dsa-2606http://bugs.proftpd.org/show_bug.cgi?id=3841https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697524https://nvd.nist.govhttps://www.debian.org/security/./dsa-2606
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook