CVE-2007-6741 — Improper Privilege Management in Pyftpdlib

CWE-269 — Improper Privilege Management5 documents4 sources

Severity

6.5MEDIUMNVD

GHSA7.5OSV7.5

EPSS

0.6%

top 30.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

G.rodola Pyftpdlib Debian Python-pyftpdlib

Timeline

PublishedOct 19

Latest updateMay 1

Description

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶PyPIg.rodola/pyftpdlib< 0.2.0

▶NVDg.rodola/pyftpdlib0.1.1+1

▶debiandebian/python-pyftpdlib

🔴Vulnerability Details

GHSA

Improper privilege management in pyftpdlib↗2022-05-01

▶

OSV

Improper privilege management in pyftpdlib↗2022-05-01

▶

OSV

CVE-2007-6741: The ftp_PORT function in FTPServer↗2010-10-19

▶

📋Vendor Advisories

Debian

CVE-2007-6741: python-pyftpdlib - The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent...↗2007

▶