Candidate: CVE-2012-6095
PublicDate: 2013-01-24 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6095
Description:
 ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local
 users to modify the ownership of arbitrary files via a race condition and a
 symlink attack on the (1) MKD or (2) XMKD commands.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697524
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_proftpd-dfsg:
 vendor: http://www.debian.org/security/2013/dsa-2606
upstream_proftpd-dfsg: released (1.3.4a-3)
hardy_proftpd-dfsg: ignored (reached end-of-life)
lucid_proftpd-dfsg: ignored (reached end-of-life)
oneiric_proftpd-dfsg: ignored (reached end-of-life)
precise_proftpd-dfsg: ignored (reached end-of-life)
precise/esm_proftpd-dfsg: DNE (precise was needed)
quantal_proftpd-dfsg: ignored (reached end-of-life)
raring_proftpd-dfsg: not-affected (1.3.4a-3)
saucy_proftpd-dfsg: not-affected (1.3.4a-3)
trusty_proftpd-dfsg: not-affected (1.3.4a-3)
trusty/esm_proftpd-dfsg: DNE (trusty was not-affected [1.3.4a-3])
utopic_proftpd-dfsg: not-affected (1.3.4a-3)
vivid_proftpd-dfsg: not-affected (1.3.4a-3)
vivid/stable-phone-overlay_proftpd-dfsg: DNE
vivid/ubuntu-core_proftpd-dfsg: DNE
wily_proftpd-dfsg: not-affected (1.3.4a-3)
xenial_proftpd-dfsg: not-affected (1.3.4a-3)
yakkety_proftpd-dfsg: not-affected (1.3.4a-3)
zesty_proftpd-dfsg: not-affected (1.3.4a-3)
devel_proftpd-dfsg: not-affected (1.3.4a-3)