ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD. Rated low severity (CVSS 1.2). No vendor patch available.
Information Disclosure
Race Condition
Proftpd
NVD
CVSS 2.0
1.2
EPSS
0.1%