Upstream information
Description
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 1.2 |
Vector | AV:L/AC:H/Au:N/C:N/I:P/A:N |
Access Vector | Local |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 19:42:31 2013CVE page last modified: Fri Oct 7 12:46:21 2022