pyftpd is prone to multiple vulnerabilities.

1. pyftpd is prone to multiple default-account vulnerabilities. These issues stem from a design flaw that makes several accounts available to remote attackers. Successful exploits allow remote attackers to gain unauthorized access to a vulnerable application.
2. pyftpd creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions of pyftpd prior to 0.8.5 are affected.
Vendor updates are available. Please see the references for more information.
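The advisory does not show the affected pyftpd code, so the following is an added example, not pyftpd's own code, illustrating the insecure temporary-file pattern from item 2 next to two hardened forms. The file name `pyftpd_debug.tmp`, the function names and the sandbox contents are all constructed for illustration.

```python
import os
import tempfile

TMP_NAME = "pyftpd_debug.tmp"  # hypothetical fixed name, not taken from pyftpd

def write_insecure(directory, data):
    # Vulnerable pattern: predictable name + plain open(). If a symlink already
    # exists at this path, the write truncates and overwrites the link's target.
    path = os.path.join(directory, TMP_NAME)
    with open(path, "w") as fh:
        fh.write(data)
    return path

def write_exclusive(directory, data):
    # Hardened, fixed name: O_CREAT|O_EXCL fails with FileExistsError if anything,
    # including a symlink, already exists at the path.
    path = os.path.join(directory, TMP_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    with os.fdopen(os.open(path, flags, 0o600), "w") as fh:
        fh.write(data)
    return path

def write_mkstemp(directory, data):
    # Hardened, unpredictable name: mkstemp creates the file exclusively, mode 0600.
    fd, path = tempfile.mkstemp(prefix="pyftpd_", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    # Constructed scenario, confined to a throwaway sandbox directory per writer.
    outcome = {}
    for writer in (write_insecure, write_exclusive, write_mkstemp):
        with tempfile.TemporaryDirectory() as sandbox:
            victim = os.path.join(sandbox, "important.conf")
            with open(victim, "w") as fh:
                fh.write("original")
            os.symlink(victim, os.path.join(sandbox, TMP_NAME))  # pre-existing link
            try:
                writer(sandbox, "debug output")
            except FileExistsError:
                pass  # exclusive create refused the pre-existing entry
            with open(victim) as fh:
                outcome[writer.__name__] = fh.read()
    return outcome

if __name__ == "__main__":
    print(demo())
```

Only the plain `open()` variant changes the contents of `important.conf`; the exclusive-create and `mkstemp` variants leave it untouched.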
- Core FTP Server 'Type' Command Remote Denial of Service Vulnerability
- XM Easy Personal FTP Server 'LIST' And 'NLST' Command DoS Vulnerability
- FileCOPA FTP Server Multiple Directory Traversal Vulnerabilities
- ProFTPD Denial of Service Vulnerability
- vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability