CVE-2012-6095
NONE
Published Jan 24, 201313y ago · Modified Jun 16, 20262w ago
Published Jan 24, 2013 13y ago
Last Modified Jun 16, 2026 2w ago
Description
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-362
Affected Products 68
| Vendor | Product | Version | Range |
|---|---|---|---|
| proftpd | proftpd | * | ≤1.3.4 |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.0 | any |
| proftpd | proftpd | 1.2.1 | any |
| proftpd | proftpd | 1.2.2 | any |
| proftpd | proftpd | 1.2.2 | any |
| proftpd | proftpd | 1.2.2 | any |
| proftpd | proftpd | 1.2.2 | any |
| proftpd | proftpd | 1.2.3 | any |
| proftpd | proftpd | 1.2.4 | any |
| proftpd | proftpd | 1.2.5 | any |
| proftpd | proftpd | 1.2.5 | any |
| proftpd | proftpd | 1.2.5 | any |
| proftpd | proftpd | 1.2.5 | any |
| proftpd | proftpd | 1.2.6 | any |
| proftpd | proftpd | 1.2.6 | any |
| proftpd | proftpd | 1.2.6 | any |
| proftpd | proftpd | 1.2.7 | any |
| proftpd | proftpd | 1.2.7 | any |
| proftpd | proftpd | 1.2.7 | any |
| proftpd | proftpd | 1.2.7 | any |
| proftpd | proftpd | 1.2.8 | any |
| proftpd | proftpd | 1.2.8 | any |
| proftpd | proftpd | 1.2.8 | any |
| proftpd | proftpd | 1.2.9 | any |
| proftpd | proftpd | 1.2.9 | any |
| proftpd | proftpd | 1.2.9 | any |
| proftpd | proftpd | 1.2.9 | any |
| proftpd | proftpd | 1.2.10 | any |
| proftpd | proftpd | 1.2.10 | any |
| proftpd | proftpd | 1.2.10 | any |
| proftpd | proftpd | 1.2.10 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.0 | any |
| proftpd | proftpd | 1.3.1 | any |
| proftpd | proftpd | 1.3.1 | any |
| proftpd | proftpd | 1.3.1 | any |
| proftpd | proftpd | 1.3.1 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.2 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.3 | any |
| proftpd | proftpd | 1.3.4 | any |
| proftpd | proftpd | 1.3.4 | any |
| proftpd | proftpd | 1.3.4 | any |
References 5
- bugs.proftpd.org http://bugs.proftpd.org/show_bug.cgi?id=3841
- proftpd.org http://proftpd.org/docs/NEWS-1.3.5rc1
- secunia.com http://secunia.com/advisories/51823
- debian.org http://www.debian.org/security/2013/dsa-2606
- openwall.com http://www.openwall.com/lists/oss-security/2013/01/07/3
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.