Mandriva Linux Security Advisory : proftpd (MDVSA-2013:053)
Low Nessus Plugin ID 66067
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been found and corrected in proftpd :
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands (CVE-2012-6095).
The updated packages have been patched to correct thies issue.
SolutionUpdate the affected packages.