Summary: | net-ftp/proftpd-1.3.4c: Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory (CVE-2012-6095) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | bernd, net-ftp, proxy-maint, slyfox, voyageur, zerochaos
Priority: | Normal | Keywords: | PMASKED
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=892715 | |
Whiteboard: | B3 [glsa] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 443518 | |
Bug Blocks: | | |
Description
Agostino Sarubbo
2013-01-07 19:22:36 UTC
CVE-2012-6095 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6095): ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.

The tree got fixed ebuild 'net-ftp/proftpd-1.3.4c' (fixed upstream).

(In reply to comment #2)
> The tree got fixed ebuild 'net-ftp/proftpd-1.3.4c' (fixed upstream).

Thanks, Sergei. Should we stabilize that one or the -r1?

(In reply to comment #3)
> (In reply to comment #2)
> > The tree got fixed ebuild 'net-ftp/proftpd-1.3.4c' (fixed upstream).
>
> Thanks, Sergei. Should we stabilize that one or the -r1?

It's safer to stabilize '=net-ftp/proftpd-1.3.4c'. -r1 differs only by new modules. I'd like to have them in ~arch for a while.

(In reply to comment #2)
> The tree got fixed ebuild 'net-ftp/proftpd-1.3.4c' (fixed upstream).

Arches, please test and mark stable. Target KEYWORDS: "alpha amd64 ~arm hppa ~ia64 ~mips ppc ppc64 sparc x86"

We need to stabilize >=dev-libs/libmemcached-0.41 first, because =net-ftp/proftpd-1.3.4c[memcache] depends on it. There is a stablereq for =dev-libs/libmemcached-0.50 here -> bug #443518

Stable for HPPA.

amd64 stable

x86 stable

ppc stable

ppc64 stable

alpha stable

sparc stable

+ 09 Jul 2013; Michael Weber <xmw@gentoo.org> package.mask:
+ Masked <net-ftp/proftpd-1.3.4c for security bug 450746, CVE-2012-6095
+

please stable on arm as well

(In reply to Rick Farina (Zero_Chaos) from comment #16)
> please stable on arm as well

Negative. Security stable requests are not meant to first stabilize a package on a new arch. File a separate request.
GLSA vote: yes

GLSA vote: yes

This issue was resolved and addressed in GLSA 201309-15 at http://security.gentoo.org/glsa/glsa-201309-15.xml by GLSA coordinator Sean Amoss (ackle).