PT-2010-1239 · Python · Pyftpdlib

Published: 2010-10-19 · Updated: 2022-05-01 · CVE-2007-6741

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

pyftpdlib versions prior to 0.2.0

Description

The issue concerns the ftp PORT function in FTPServer.py, which does not properly restrict TCP connections to privileged ports under certain conditions. This could potentially allow remote authenticated users to conduct FTP bounce attacks by crafting specific FTP data. An example of such an attack is against a NAT server.

Recommendations

For versions prior to 0.2.0, update to version 0.2.0 or later to resolve the issue.
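
The kind of check the description says was missing, as an added example that is not pyftpdlib's code: a server-side validator for the PORT argument that refuses privileged ports without exception. The peer-address comparison is an additional bounce mitigation assumed here, not something this entry states, and all function and class names are hypothetical.

```python
# Added example, not pyftpdlib's implementation. All names are hypothetical.
PRIVILEGED_PORT_LIMIT = 1024  # ports below this are reserved for system services


class PortRejected(ValueError):
    """The PORT argument must be refused (the server would answer 501)."""


def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); raise on malformed input."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise PortRejected("expected six comma-separated fields")
    # Accept plain ASCII digits only: no signs, spaces or other numerals.
    if not all(f.isascii() and f.isdigit() for f in fields):
        raise PortRejected("non-numeric field")
    octets = [int(f) for f in fields]
    if any(o > 255 for o in octets):
        raise PortRejected("field out of range 0-255")
    ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    return ip, port


def validate_port_command(arg, peer_ip, allow_foreign=False):
    """Return (ip, port) for the data connection, or raise PortRejected."""
    ip, port = parse_port_argument(arg)
    # Applied unconditionally: no address is exempt from the port check.
    if port < PRIVILEGED_PORT_LIMIT:
        raise PortRejected("privileged port %d refused" % port)
    # Assumption: refuse targets other than the control connection's peer.
    if ip != peer_ip and not allow_foreign:
        raise PortRejected("address %s is not the control peer" % ip)
    return ip, port


def port_command_allowed(arg, peer_ip, allow_foreign=False):
    """Boolean wrapper, convenient for logging or tests."""
    try:
        validate_port_command(arg, peer_ip, allow_foreign)
        return True
    except PortRejected:
        return False
```
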

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2007-6741
GHSA-8XGX-75QW-6268
PYSEC-2010-25

Affected Products

Pyftpdlib