-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:053
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : proftpd
 Date    : April 5, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in proftpd:

 ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows
 local users to modify the ownership of arbitrary files via a race
 condition and a symlink attack on the (1) MKD or (2) XMKD commands
 (CVE-2012-6095).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6095
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRXta/mqjQ0CJFipgRAjkMAJ9Jfo6qxIQacm1aJqZueaeMIRjA3gCgqibo
q2xaoMFyZ182AziVedoKKRw=
=70PS
-----END PGP SIGNATURE-----
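
The race-plus-symlink condition named in the Problem Description, as an added C illustration that is not ProFTPD's code or Mandriva's patch. It assumes the flaw has the common create-then-chown-by-path shape, and every function name below is hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed racy shape (illustrative, not ProFTPD source): two path lookups.
 * If `path` becomes a symlink between them, chown() follows it. */
int mkdir_chown_racy(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
    if (mkdir(path, mode) != 0) return -1;
    return chown(path, uid, gid);
}

/* Hardened ownership step: open `name` under an already opened parent,
 * refuse a symlink as the final component, then change ownership through
 * the descriptor so the name is not resolved a second time. */
int chown_dir_nofollow(int parentfd, const char *name, uid_t uid, gid_t gid)
{
    struct stat st;
    int rc = -1;
    int fd = openat(parentfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;            /* symlink or non-directory: refused */
    if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
        rc = fchown(fd, uid, gid);
    close(fd);
    return rc;
}

int mkdir_chown_safe(int parentfd, const char *name, mode_t mode, uid_t uid, gid_t gid)
{
    if (mkdirat(parentfd, name, mode) != 0) return -1;
    return chown_dir_nofollow(parentfd, name, uid, gid);
}

/* Constructed self-check in a private temp directory: returns 1 when a normal
 * creation succeeds and a symlink standing in for the name is refused. */
int demo_symlink_is_refused(void)
{
    char tmpl[] = "/tmp/mkd-demo-XXXXXX";
    int parent = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1;
    if (parent < 0) return 0;
    int ok = mkdir_chown_safe(parent, "newdir", 0700, geteuid(), getegid()) == 0
          && symlinkat("newdir", parent, "swapped") == 0
          && chown_dir_nofollow(parent, "swapped", geteuid(), getegid()) == -1;
    unlinkat(parent, "swapped", 0); unlinkat(parent, "newdir", AT_REMOVEDIR);
    close(parent); rmdir(tmpl);
    return ok;
}
```

O_NOFOLLOW covers only the final path component, which is why the parent directory is passed as an open descriptor rather than as part of a path.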