PT-2010-1234 · Python · Pyftpdlib

Yanra · Published 2010-10-19 · Updated 2022-05-01 · CVE-2007-6736

CVSS v2.0: 6.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: pyftpdlib versions prior to 0.2.0
Description: Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command. The server builds the filesystem path from the client-supplied argument without confining the result to the user's home directory, so a path such as ../../../etc/passwd resolves outside it. Because STOR is affected, the traversal grants write access as well as read access outside the FTP root, which is why the vector scores partial impact on confidentiality, integrity and availability.
Recommendations: Update pyftpdlib to version 0.2.0 or later, which resolves the issue. The flaw is in the server's path handling, so asking clients to avoid .. is not a mitigation: an attacker supplies it deliberately. If an upgrade must be deferred, reduce what a traversal can reach rather than trying to filter the three commands (which amounts to disabling the service): the vulnerability requires a logged-in session (Au:S), so restrict FTP accounts to trusted users, treat any anonymous login as an authenticated user for this purpose, and run the server under a dedicated unprivileged account that can only read and write the directory trees it is meant to serve.
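The pattern behind the description above, as an added illustration (this is not pyftpdlib's code and does not reproduce FTPServer.py): a resolver that glues the client-supplied path onto the user's root and trusts the result, next to a half-fix that only checks a string prefix, and a confined resolver that accepts the root itself or a path strictly beneath it. The directory names, the three-command dispatcher and the reply strings are constructed for the example.

```python
import posixpath

# Constructed example values: one FTP user's home directory and a sibling
# user's directory whose name happens to begin with the first one's.
ROOT = "/srv/ftp/alice"
SIBLING = "/srv/ftp/alice2"


def resolve_naive(root: str, client_path: str) -> str:
    """Vulnerable pattern: join the client-supplied path onto the user's root
    and hand it to the filesystem.  '..' components walk out of the root,
    and nothing here ever refuses a request."""
    return posixpath.normpath(posixpath.join(root, client_path.lstrip("/")))


def resolve_prefix_check(root: str, client_path: str):
    """Common but incomplete fix: normalise, then require the root as a plain
    string prefix.  Still lets a traversal reach a sibling directory whose
    name starts with the root's name (/srv/ftp/alice2 for /srv/ftp/alice)."""
    candidate = resolve_naive(root, client_path)
    if not candidate.startswith(root):
        return None
    return candidate


def resolve_confined(root: str, client_path: str):
    """Hardened: normalise, then accept only the root itself or a path that
    begins with the root followed by a separator.  Returns None on escape."""
    root = posixpath.normpath(root)
    candidate = resolve_naive(root, client_path)
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def dispatch(resolver, root: str, command: str, arg: str) -> str:
    """Toy model of the affected handlers: LIST, STOR and RETR each take a
    client path, resolve it with the given resolver, and either refuse or
    report the real path they would operate on.  Reply text is constructed."""
    if command not in ("LIST", "STOR", "RETR"):
        return "502 Command not implemented"
    resolved = resolver(root, arg)
    if resolved is None:
        return "550 Permission denied"
    return f"150 {command} {resolved}"


if __name__ == "__main__":
    for probe in ("pub/report.txt", "../../../etc/passwd", "../alice2/notes", ".."):
        for name, resolver in (("naive", resolve_naive),
                               ("prefix", resolve_prefix_check),
                               ("confined", resolve_confined)):
            print(f"{name:9} RETR {probe!r:24} -> {dispatch(resolver, ROOT, 'RETR', probe)}")
```

The example works on strings with posixpath so it runs identically on any host; a real server should resolve with the host path module and os.path.realpath on both the root and the candidate, otherwise a symlink inside the root can still point outside it even though the confinement check passes.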

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2007-6736
GHSA-F8WG-36R9-7F4Q
PYSEC-2010-20

Affected Products

Pyftpdlib