Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.5
CVE Id: CVE-2007-6741
Last Modified: 20 Oct 2010 12:00:00
Published: 19 Oct 2010 04:00:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2007-6741

Summary

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.
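The condition described in the summary, as an added example that is not pyftpdlib's code: a PORT argument check that skips the privileged-port test when the address matches the client, next to one that applies it unconditionally. The function names, the permit_foreign parameter and the sample addresses are assumptions made for illustration.

```python
# Added illustration, not taken from pyftpdlib's FTPServer.py.
PRIVILEGED_LIMIT = 1024  # ports below this value are privileged


def parse_port_arg(arg):
    """Parse a PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port).

    Raises ValueError on anything malformed so the caller can refuse it.
    """
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    nums = []
    for field in fields:
        if not (field.isascii() and field.isdigit()) or int(field) > 255:
            raise ValueError("field out of range: %r" % field)
        nums.append(int(field))
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return ip, port


def port_allowed_flawed(arg, client_ip, permit_foreign=False):
    """Model of the flaw: the port is only examined for foreign addresses."""
    ip, port = parse_port_arg(arg)
    if ip != client_ip:
        return permit_foreign and port >= PRIVILEGED_LIMIT
    # Address matches the control connection's source: no port check at all.
    # Behind NAT that source is the NAT device, not the real client host.
    return True


def port_allowed_hardened(arg, client_ip, permit_foreign=False):
    """Refuse privileged ports first, whatever the destination address is."""
    ip, port = parse_port_arg(arg)
    if port < PRIVILEGED_LIMIT:
        return False
    return ip == client_ip or permit_foreign


if __name__ == "__main__":
    client = "192.0.2.10"            # constructed sample address
    request = "192,0,2,10,0,22"      # same address, port 22
    print("flawed:  ", port_allowed_flawed(request, client))
    print("hardened:", port_allowed_hardened(request, client))
```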

Vulnerable Systems

Application

  • G.rodola Pyftpdlib 0.1

  • G.rodola Pyftpdlib 0.1.1


References

CONFIRM - http://code.google.com/p/pyftpdlib/source/diff?spec=svn32&r=32&format=side&path=/trunk/pyftpdlib/FTPServer.py

CONFIRM - http://code.google.com/p/pyftpdlib/source/detail?r=32

CONFIRM - http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY

CONFIRM - http://code.google.com/p/pyftpdlib/issues/detail?id=11


Last Updated: 27 May 2016 10:46:38