CVE-2012-6095

EPSS 0.06%

proftpd-dfsg - symlink race

Published: 1/24/2013Modified: 3/9/2026

Also known as:DSA-2606-1DEBIAN-CVE-2012-6095

Description

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Affected packages (2)

Debian/proftpd-dfsgfrom 0, < 1.3.4a-3
Debian/proftpd-dfsgfrom 0, < 1.3.3a-6squeeze6

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-6095