Pyftpdlib FTP Server Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running pyftpdlib FTP server and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attacker to cause a denial of service. Impact Level: Application

Solution

Upgrade to pyftpdlib version 0.5.2 or later, For updates refer to http://code.google.com/p/pyftpdlib/downloads/list

Insight

The flaw is due to race condition in the FTPHandler class, which allows remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None.

Affected

ftpserver.py in pyftpdlib before 0.5.1

References

http://code.google.com/p/pyftpdlib/issues/detail?id=91
http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
http://code.google.com/p/pyftpdlib/source/detail?r=439

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-5010

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

proftpd < 1.2.11 remote user enumeration
Bftpd Unspecified Remote Denial of Service Vulnerability
FTP Writeable Directories
Home FTP Server Multiple Directory Traversal Vulnerabilities
XM Easy Personal FTP Server 'TYPE' Command Remote Denial of Service Vulnerability

pyftpdlib FTP Server Denial of Service Vulnerability

Take action and discover your vulnerabilities