CVE-2012-6095

Name of the Vulnerable Software and Affected Versions ProFTPD versions prior to 1.3.5rc1

Description The issue is caused by a race condition when handling the MKD and XMKD FTP commands, allowing local users to modify the ownership of arbitrary files via a symlink attack. This can lead to a violation of protected information integrity. The security issue can be exploited by malicious, local users to gain escalated privileges, requiring the UserOwner directive.

Recommendations For ProFTPD versions prior to 1.3.5rc1, update to version 1.3.5rc1 or later to resolve the issue. As a temporary workaround, consider disabling the UserOwner directive until a patch is available. Restrict access to the MKD and XMKD commands to minimize the risk of exploitation.