Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 892715 (CVE-2012-6095) - CVE-2012-6095 proftpd: Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory
Summary: CVE-2012-6095 proftpd: Symlink race condition when applying UserOwner to a ne...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-6095
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 892718 892719
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-07 16:47 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:58 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-19 09:39:17 UTC
Embargoed:


Attachments (Terms of Use)

Description Jan Lieskovsky 2013-01-07 16:47:28 UTC
A time-of-check time-of-use (TOCTOU) race condition flaw was found in the way ProFTPD, flexible, stable and highly-configurable FTP server, handled MKD/XMKD FTP commands when the UserOwner directive was involved. A local attacker could use this flaw to possibly escalate their privileges via symbolic-link attacks on directories, created by ProFTPD prior UserOwner ownership was applied.

Upstream bug report:
[1] http://bugs.proftpd.org/show_bug.cgi?id=3841

Relevant upstream patch:
[2] http://bugs.proftpd.org/show_bug.cgi?id=3841#c8

References:
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697524

Comment 1 Jan Lieskovsky 2013-01-07 16:50:38 UTC
This issue affects the versions of the proftpd package, as shipped with Fedora release of 16 and 17. Please schedule an update.

--

This issue affects the versions of the proftpd package, as shipped with Fedora EPEL 5 and 6. Please schedule an update.

Comment 2 Jan Lieskovsky 2013-01-07 16:51:58 UTC
Created proftpd tracking bugs for this issue

Affects: fedora-all [bug 892718]
Affects: epel-all [bug 892719]

Comment 3 Jan Lieskovsky 2013-01-08 11:30:37 UTC
The CVE identifier of CVE-2012-6095 has been assigned to this issue:
  http://www.openwall.com/lists/oss-security/2013/01/07/3

Comment 4 Fedora Update System 2013-01-30 00:31:11 UTC
proftpd-1.3.4b-5.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2013-01-30 00:31:39 UTC
proftpd-1.3.4b-5.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2013-01-30 00:58:54 UTC
proftpd-1.3.4b-5.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2013-02-05 21:22:37 UTC
proftpd-1.3.3g-2.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2013-02-05 21:25:28 UTC
proftpd-1.3.3g-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Paul Howarth 2013-08-19 09:19:19 UTC
This has been addressed in all current Fedora and EPEL releases. Can we close the bug now?

Comment 10 Tomas Hoger 2013-08-19 09:39:17 UTC
Yes, thank you!


Note You need to log in before you can comment on or make changes to this bug.