Pyftpdlib FTP Server Multiple Vulnerabilities Network Vulnerability

Summary

This host is running pyftpdlib FTP server and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to cause a denial of service. Impact Level: Application

Solution

Upgrade to pyftpdlib version 0.5.2 or later, For updates refer to http://code.google.com/p/pyftpdlib/downloads/list

Insight

- ftpserver.py in pyftpdlib does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. - ftp_QUIT function allows remote authenticated users to cause a denial of service by sending a QUIT command during a disallowed data-transfer attempt.

Affected

ftpserver.py in pyftpdlib before 0.5.0

References

http://code.google.com/p/pyftpdlib/issues/detail?id=71
http://code.google.com/p/pyftpdlib/issues/detail?id=73
http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7263, CVE-2008-7264

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ProFTPD Server SQL Injection Vulnerability
Smallftpd FTP Server Multiple Requests Denial of Service Vulnerability
wu-ftpd S/KEY authentication overflow
KnFTPd FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
HP-UX ftpd glob() Expansion STAT Buffer Overflow

pyftpdlib FTP Server Multiple Vulnerabilities

Take action and discover your vulnerabilities