CVE-2012-6095 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	1.2 UNKNOWN	LOCAL	HIGH		AV:L/AC:H/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Vendor	Product	Version
proftpd	proftpd	𝑥 ≤ 1.3.4
proftpd	proftpd	1.2.0
proftpd	proftpd	1.2.0:pre10
proftpd	proftpd	1.2.0:pre9
proftpd	proftpd	1.2.0:rc1
proftpd	proftpd	1.2.0:rc2
proftpd	proftpd	1.2.0:rc3
proftpd	proftpd	1.2.1
proftpd	proftpd	1.2.2
proftpd	proftpd	1.2.2:rc1
proftpd	proftpd	1.2.2:rc2
proftpd	proftpd	1.2.2:rc3
proftpd	proftpd	1.2.3
proftpd	proftpd	1.2.4
proftpd	proftpd	1.2.5
proftpd	proftpd	1.2.5:rc1
proftpd	proftpd	1.2.5:rc2
proftpd	proftpd	1.2.5:rc3
proftpd	proftpd	1.2.6
proftpd	proftpd	1.2.6:rc1
proftpd	proftpd	1.2.6:rc2
proftpd	proftpd	1.2.7
proftpd	proftpd	1.2.7:rc1
proftpd	proftpd	1.2.7:rc2
proftpd	proftpd	1.2.7:rc3
proftpd	proftpd	1.2.8
proftpd	proftpd	1.2.8:rc1
proftpd	proftpd	1.2.8:rc2
proftpd	proftpd	1.2.9
proftpd	proftpd	1.2.9:rc1
proftpd	proftpd	1.2.9:rc2
proftpd	proftpd	1.2.9:rc3
proftpd	proftpd	1.2.10
proftpd	proftpd	1.2.10:rc1
proftpd	proftpd	1.2.10:rc2
proftpd	proftpd	1.2.10:rc3
proftpd	proftpd	1.3.0
proftpd	proftpd	1.3.0:a
proftpd	proftpd	1.3.0:rc1
proftpd	proftpd	1.3.0:rc2
proftpd	proftpd	1.3.0:rc3
proftpd	proftpd	1.3.0:rc4
proftpd	proftpd	1.3.0:rc5
proftpd	proftpd	1.3.1
proftpd	proftpd	1.3.1:rc1
proftpd	proftpd	1.3.1:rc2
proftpd	proftpd	1.3.1:rc3
proftpd	proftpd	1.3.2
proftpd	proftpd	1.3.2:a
proftpd	proftpd	1.3.2:b
proftpd	proftpd	1.3.2:c
proftpd	proftpd	1.3.2:d
proftpd	proftpd	1.3.2:e
proftpd	proftpd	1.3.2:rc1
proftpd	proftpd	1.3.2:rc2
proftpd	proftpd	1.3.2:rc3
proftpd	proftpd	1.3.2:rc4
proftpd	proftpd	1.3.3
proftpd	proftpd	1.3.3:a
proftpd	proftpd	1.3.3:b
proftpd	proftpd	1.3.3:c
proftpd	proftpd	1.3.3:rc1
proftpd	proftpd	1.3.3:rc2
proftpd	proftpd	1.3.3:rc3
proftpd	proftpd	1.3.3:rc4
proftpd	proftpd	1.3.4:rc1
proftpd	proftpd	1.3.4:rc2
proftpd	proftpd	1.3.4:rc3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

proftpd-dfsg

bullseye	1.3.7a+dfsg-12+deb11u2 fixed
bookworm	1.3.8+dfsg-4+deb12u3 fixed
trixie	1.3.8.b+dfsg-2 fixed
sid	1.3.8.b+dfsg-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

proftpd-dfsg

zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	ignored
precise	ignored
oneiric	ignored
lucid	ignored
hardy	ignored

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://bugs.proftpd.org/show_bug.cgi?id=3841

http://proftpd.org/docs/NEWS-1.3.5rc1

http://secunia.com/advisories/51823

http://www.debian.org/security/2013/dsa-2606

http://www.openwall.com/lists/oss-security/2013/01/07/3

http://bugs.proftpd.org/show_bug.cgi?id=3841

http://proftpd.org/docs/NEWS-1.3.5rc1

http://secunia.com/advisories/51823

http://www.debian.org/security/2013/dsa-2606

http://www.openwall.com/lists/oss-security/2013/01/07/3