Bug 8654

Summary: CVE-2012-6095: proftpd - Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory
Product: Mageia Reporter: Oden Eriksson <oe>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: Normal CC: bersuit.vera, dmorganec
Version: 2   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: proftpd CVE:
Status comment:

Description Oden Eriksson 2013-01-11 06:43:35 CET 
On 01/07/2013 09:55 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> proFTPD upstream has recently released v1.3.5.rc1 release: [1]
> http://proftpd.org/docs/NEWS-1.3.5rc1 correcting one security
> issue:
>
> A time-of-check time-of-use (TOCTOU) race condition flaw was found
> in the way ProFTPD, flexible, stable and highly-configurable FTP
> server, handled MKD/XMKD FTP commands when the UserOwner directive
> was involved. A local attacker could use this flaw to possibly
> escalate their privileges via symbolic-link attacks on
> directories, created by ProFTPD prior the UserOwner ownership was
> applied.
>
> Upstream bug report: [2]
> http://bugs.proftpd.org/show_bug.cgi?id=3841
>
> Relevant upstream patch: [3]
> http://bugs.proftpd.org/show_bug.cgi?id=3841#c8
>
> References: [4]
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697524 [5]
> https://bugzilla.redhat.com/show_bug.cgi?id=892715
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team
>

Please use CVE-2012-6095 for this issue.
Manuel Hiebel 2013-01-11 22:31:33 CET

CC: (none) => bersuit.vera, dmorganec
Source RPM: (none) => proftpd

Comment 1 Manuel Hiebel 2013-01-30 14:45:33 CET 

*** This bug has been marked as a duplicate of bug 8691 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE