CVE-2012-6095

NONE
Published Jan 24, 201313y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 24, 2013 13y ago
Last Modified Jun 16, 2026 2w ago

Description

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-362

Affected Products 68

VendorProductVersionRange
proftpdproftpd* ≤1.3.4
proftpdproftpd1.2.0any
proftpdproftpd1.2.0any
proftpdproftpd1.2.0any
proftpdproftpd1.2.0any
proftpdproftpd1.2.0any
proftpdproftpd1.2.0any
proftpdproftpd1.2.1any
proftpdproftpd1.2.2any
proftpdproftpd1.2.2any
proftpdproftpd1.2.2any
proftpdproftpd1.2.2any
proftpdproftpd1.2.3any
proftpdproftpd1.2.4any
proftpdproftpd1.2.5any
proftpdproftpd1.2.5any
proftpdproftpd1.2.5any
proftpdproftpd1.2.5any
proftpdproftpd1.2.6any
proftpdproftpd1.2.6any
proftpdproftpd1.2.6any
proftpdproftpd1.2.7any
proftpdproftpd1.2.7any
proftpdproftpd1.2.7any
proftpdproftpd1.2.7any
proftpdproftpd1.2.8any
proftpdproftpd1.2.8any
proftpdproftpd1.2.8any
proftpdproftpd1.2.9any
proftpdproftpd1.2.9any
proftpdproftpd1.2.9any
proftpdproftpd1.2.9any
proftpdproftpd1.2.10any
proftpdproftpd1.2.10any
proftpdproftpd1.2.10any
proftpdproftpd1.2.10any
proftpdproftpd1.3.0any
proftpdproftpd1.3.0any
proftpdproftpd1.3.0any
proftpdproftpd1.3.0any
proftpdproftpd1.3.0any
proftpdproftpd1.3.0any
proftpdproftpd1.3.0any
proftpdproftpd1.3.1any
proftpdproftpd1.3.1any
proftpdproftpd1.3.1any
proftpdproftpd1.3.1any
proftpdproftpd1.3.2any
proftpdproftpd1.3.2any
proftpdproftpd1.3.2any
proftpdproftpd1.3.2any
proftpdproftpd1.3.2any
proftpdproftpd1.3.2any
proftpdproftpd1.3.2any
proftpdproftpd1.3.2any
proftpdproftpd1.3.2any
proftpdproftpd1.3.2any
proftpdproftpd1.3.3any
proftpdproftpd1.3.3any
proftpdproftpd1.3.3any
proftpdproftpd1.3.3any
proftpdproftpd1.3.3any
proftpdproftpd1.3.3any
proftpdproftpd1.3.3any
proftpdproftpd1.3.3any
proftpdproftpd1.3.4any
proftpdproftpd1.3.4any
proftpdproftpd1.3.4any

References 5

  • bugs.proftpd.org http://bugs.proftpd.org/show_bug.cgi?id=3841
  • proftpd.org http://proftpd.org/docs/NEWS-1.3.5rc1
  • secunia.com http://secunia.com/advisories/51823
    Vendor Advisory
  • debian.org http://www.debian.org/security/2013/dsa-2606
  • openwall.com http://www.openwall.com/lists/oss-security/2013/01/07/3

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.