oss-sec mailing list archives
CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 7 Jan 2013 11:55:54 -0500 (EST)
Hello Kurt, Steve, vendors, proFTPD upstream has recently released v1.3.5.rc1 release: [1] http://proftpd.org/docs/NEWS-1.3.5rc1 correcting one security issue: A time-of-check time-of-use (TOCTOU) race condition flaw was found in the way ProFTPD, flexible, stable and highly-configurable FTP server, handled MKD/XMKD FTP commands when the UserOwner directive was involved. A local attacker could use this flaw to possibly escalate their privileges via symbolic-link attacks on directories, created by ProFTPD prior the UserOwner ownership was applied. Upstream bug report: [2] http://bugs.proftpd.org/show_bug.cgi?id=3841 Relevant upstream patch: [3] http://bugs.proftpd.org/show_bug.cgi?id=3841#c8 References: [4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697524 [5] https://bugzilla.redhat.com/show_bug.cgi?id=892715 Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory Jan Lieskovsky (Jan 07)