{"id":"DEBIAN-CVE-2012-6095","details":"ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.","modified":"2026-04-28T20:04:54.425489Z","published":"2013-01-24T21:55:01.353Z","upstream":["CVE-2012-6095"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-6095"}],"affected":[{"package":{"name":"proftpd-dfsg","ecosystem":"Debian:11","purl":"pkg:deb/debian/proftpd-dfsg?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.4a-3"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-6095.json"}},{"package":{"name":"proftpd-dfsg","ecosystem":"Debian:12","purl":"pkg:deb/debian/proftpd-dfsg?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.4a-3"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-6095.json"}},{"package":{"name":"proftpd-dfsg","ecosystem":"Debian:13","purl":"pkg:deb/debian/proftpd-dfsg?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.4a-3"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-6095.json"}},{"package":{"name":"proftpd-dfsg","ecosystem":"Debian:14","purl":"pkg:deb/debian/proftpd-dfsg?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.4a-3"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-6095.json"}}],"schema_version":"1.7.5"}