Race condition

2013-01-2421:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

CPENameOperatorVersion
proftpdeq1.2.0 rc1
proftpdeq1.3.3 b
proftpdeq1.3.3 rc4
proftpdeq1.2.0
proftpdeq1.3.1 rc2
proftpdeq1.3.0 rc1
proftpdeq1.2.0 rc2
proftpdeq1.3.3 c
proftpdeq1.3.2 d
proftpdeq1.2.0 pre10

Name	Operator	Version
proftpd	eq	1.2.0 rc1
proftpd	eq	1.3.3 b
proftpd	eq	1.3.3 rc4
proftpd	eq	1.2.0
proftpd	eq	1.3.1 rc2
proftpd	eq	1.3.0 rc1
proftpd	eq	1.2.0 rc2
proftpd	eq	1.3.3 c
proftpd	eq	1.3.2 d
proftpd	eq	1.2.0 pre10