Test Kennung:	1.3.6.1.4.1.25623.1.0.801617
Kategorie:	FTP
Titel:	pyftpdlib FTP Server Multiple Vulnerabilities
Zusammenfassung:	pyftpdlib FTP server is prone to multiple vulnerabilities.
Beschreibung:	Summary: pyftpdlib FTP server is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist because pyftpdlib, - allows remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a LIST, STOR, or RETR command. - does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. - allows remote attackers to cause a denial of service via a long command. - does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. - does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data. Vulnerability Impact: Successful exploitation will allow attacker to retrieve or upload arbitrary system files or cause a denial of service. Affected Software/OS: ftpserver.py in pyftpdlib before 0.2.0 Solution: Upgrade to pyftpdlib version 0.5.2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6736 Common Vulnerability Exposure (CVE) ID: CVE-2007-6737 Common Vulnerability Exposure (CVE) ID: CVE-2007-6739 Common Vulnerability Exposure (CVE) ID: CVE-2007-6740 Common Vulnerability Exposure (CVE) ID: CVE-2007-6741
Copyright	Copyright (C) 2010 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.