CVE-2007-6738 — Use of Insufficiently Random Values in Pyftpdlib

CWE-330 — Use of Insufficiently Random Values5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 51.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

G.rodola Pyftpdlib Debian Python-pyftpdlib

Timeline

PublishedOct 19

Latest updateMay 1

Description

pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶PyPIg.rodola/pyftpdlib< 0.1.1

▶NVDg.rodola/pyftpdlib0.1

▶debiandebian/python-pyftpdlib

🔴Vulnerability Details

OSV

pyftpdlib Use of Insufficiently Random Values of port selection on PASV command↗2022-05-01

▶

GHSA

pyftpdlib Use of Insufficiently Random Values of port selection on PASV command↗2022-05-01

▶

OSV

CVE-2007-6738: pyftpdlib before 0↗2010-10-19

▶

📋Vendor Advisories

Debian

CVE-2007-6738: python-pyftpdlib - pyftpdlib before 0.1.1 does not choose a random value for the port associated wi...↗2007

▶