Test ID:	1.3.6.1.4.1.25623.1.0.801613
Category:	FTP
Title:	pyftpdlib FTP Server Multiple Vulnerabilities
Summary:	pyftpdlib FTP server is prone to multiple vulnerabilities.
Description:	Summary: pyftpdlib FTP server is prone to multiple vulnerabilities. Vulnerability Insight: - Race condition in the FTPHandler class allows remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection. - Improper permission check for the NLST command allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. - Memory leak in the on_dtp_close function allows remote authenticated users to cause a denial of service by sending a QUIT command during a data transfer. Vulnerability Impact: Successful exploitation will allow attacker to cause a denial of service. Affected Software/OS: ftpserver.py in pyftpdlib before 0.5.2 Solution: Upgrade to pyftpdlib version 0.5.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3494 http://bugs.python.org/issue6706 https://bugs.launchpad.net/zodb/+bug/135108 http://www.openwall.com/lists/oss-security/2010/09/09/6 http://www.openwall.com/lists/oss-security/2010/09/11/2 http://www.openwall.com/lists/oss-security/2010/09/22/3 http://www.openwall.com/lists/oss-security/2010/09/24/3 Common Vulnerability Exposure (CVE) ID: CVE-2009-5012 Common Vulnerability Exposure (CVE) ID: CVE-2009-5013 Common Vulnerability Exposure (CVE) ID: CVE-2009-5011
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.