CVE-2012-6095

EPSS 0.06%

proftpd-dfsg - symlink race

發布日:2013/1/24修改日:2026/3/9

也稱為:DSA-2606-1DEBIAN-CVE-2012-6095

描述

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

受影響套件(2)

Debian/proftpd-dfsgfrom 0, < 1.3.4a-3
Debian/proftpd-dfsgfrom 0, < 1.3.3a-6squeeze6

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-6095