Oracle Solaris Third-Party Patch Update : proftpd (cve_2012_6095_race_conditions)
Low Nessus Plugin ID 80743
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
SolutionUpgrade to Solaris 18.104.22.168.0.