CVE-2012-6095
proftpd-dfsg - symlink race
EPSS 0.06%
Description
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
How to fix CVE-2012-6095
To remediate CVE-2012-6095, upgrade the affected package to one of the fixed versions listed below.
- Debian/proftpd-dfsg—upgrade to 1.3.4a-3 or later
- Debian/proftpd-dfsg—upgrade to 1.3.3a-6squeeze6 or later
Is CVE-2012-6095 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.3.4a-3
- from 0, < 1.3.3a-6squeeze6