Lucene search

K

GoogleOSV:GHSA-8XGX-75QW-6268

HistoryMay 01, 2022 - 6:45 p.m.

Improper privilege management in pyftpdlib

2022-05-0118:45:58

Google

osv.dev

8

0.017 Low

EPSS

Percentile

87.7%

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.

References

code.google.com/p/pyftpdlib/issues/detail?id=11

code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY

code.google.com/p/pyftpdlib/source/detail?r=32

code.google.com/p/pyftpdlib/source/diff?spec=svn32&r=32&format=side&path=/trunk/pyftpdlib/FTPServer.py

github.com/advisories/GHSA-8xgx-75qw-6268

github.com/giampaolo/pyftpdlib

github.com/giampaolo/pyftpdlib/issues/11

github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-25.yaml

nvd.nist.gov/vuln/detail/CVE-2007-6741

0.017 Low

EPSS

Percentile

87.7%

Related for OSV:GHSA-8XGX-75QW-6268

cve4 nvd3 osv1 github1 cvelist4 prion2 debiancve1 nessus2 openvas3 securityvulns2 cert1