Summary
This host is running pyftpdlib FTP server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to retrieve or upload arbitrary system files or cause a denial of service.
Impact Level: Application/System
Solution
Upgrade to pyftpdlib version 0.5.2 or later,
For updates refer to http://code.google.com/p/pyftpdlib/downloads/list
Insight
Multiple flaws exist beacuse pyftpdlib,
- allows remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a LIST, STOR, or RETR command.
- does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
- allows remote attackers to cause a denial of service via a long command.
- does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.
- does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data.
Affected
ftpserver.py in pyftpdlib before 0.2.0
References
- http://code.google.com/p/pyftpdlib/issues/detail?id=3
- http://code.google.com/p/pyftpdlib/issues/detail?id=9
- http://code.google.com/p/pyftpdlib/issues/detail?id=11
- http://code.google.com/p/pyftpdlib/issues/detail?id=20
- http://code.google.com/p/pyftpdlib/issues/detail?id=25
- http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-6736, CVE-2007-6737, CVE-2007-6739, CVE-2007-6740, CVE-2007-6741 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Golden FTP Server Malformed Message Denial Of Service Vulnerability
- KnFTPd FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
- ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
- SamiFTP Server 'RETR' Command Denial of Service Vulnerability
- Smallftpd FTP Server Multiple Requests Denial of Service Vulnerability