CVE-2007-6741
Published 2010-10-19
Priority: P429 · medium · 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 1.77% (75.3th percentile)
The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.
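The check the description implies, as an added example that is not pyftpdlib's code: `PortRejected`, `parse_port_argument`, `flawed_model` and `validate_port_command` are hypothetical names, and the addresses in the comments are constructed documentation addresses. `flawed_model` reproduces only the behaviour stated above (a matching address is accepted without looking at the port); the hardened function tests the port whether or not the address matches.

```python
import ipaddress

class PortRejected(ValueError):
    """The PORT argument must be refused."""

def parse_port_argument(arg):
    """Decode the RFC 959 'h1,h2,h3,h4,p1,p2' argument into (IPv4Address, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise PortRejected("expected six comma-separated decimal fields")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise PortRejected("field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def flawed_model(arg, client_ip):
    """Model of the described flaw: only the address is compared, so a
    matching address is accepted whatever the port (e.g. 192,0,2,10,0,22)."""
    ip, _port = parse_port_argument(arg)
    return ip == ipaddress.IPv4Address(client_ip)

def validate_port_command(arg, client_ip, min_port=1024):
    """Hardened check: both conditions are enforced independently.

    client_ip is the peer address of the control connection, taken from
    the socket, never from anything the client sent.
    """
    ip, port = parse_port_argument(arg)
    if ip != ipaddress.IPv4Address(client_ip):
        raise PortRejected("address differs from control-connection peer")
    if port < min_port:
        raise PortRejected("privileged port refused")
    return str(ip), port
```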
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-pyftpdlib | — | — |
| g.rodola | pyftpdlib | <= 0.1.1 | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | >= 0 < 0.2.0 | 0.2.0 |
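CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |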
GHSA
Improper privilege management in pyftpdlib
ghsa·2022-05-01·CVSS 7.5
CVE-2007-6741 [HIGH] CWE-269 Improper privilege management in pyftpdlib
OSV
Improper privilege management in pyftpdlib
osv·2022-05-01·CVSS 7.5
CVE-2007-6741 [HIGH] Improper privilege management in pyftpdlib
OSV
CVE-2007-6741: The ftp_PORT function in FTPServer
osv·2010-10-19·CVSS 7.5
CVE-2007-6741 [HIGH] CVE-2007-6741: The ftp_PORT function in FTPServer
Debian
CVE-2007-6741: python-pyftpdlib - The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent...
vendor_debian·2007·CVSS 7.5
CVE-2007-6741 [HIGH] CVE-2007-6741: python-pyftpdlib - The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://code.google.com/p/pyftpdlib/issues/detail?id=11
http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
http://code.google.com/p/pyftpdlib/source/detail?r=32
http://code.google.com/p/pyftpdlib/source/diff?spec=svn32&r=32&format=side&path=/trunk/pyftpdlib/FTPServer.py
Published: 2010-10-19