VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2009-5012
pyftpdlib: ftpserver.py in pyftpdlib before 0.5.2 does not req...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5012

Original

ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-10-19
Source Information Category:
Advisory, Alert
Last Updated:
2010-10-20




Affected Product Tags
cpe:/a:g.rodola:pyftpdlib:0.1
cpe:/a:g.rodola:pyftpdlib:0.1.1
cpe:/a:g.rodola:pyftpdlib:0.2.0
cpe:/a:g.rodola:pyftpdlib:0.3.0
cpe:/a:g.rodola:pyftpdlib:0.4.0
cpe:/a:g.rodola:pyftpdlib:0.5.0
cpe:/a:g.rodola:pyftpdlib:0.5.1 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
X Single [?]
None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
CONFIRM http://code.google.com/p/pyftpdlib/source/diff?spec=svn596&r=596&format=side&path=/trunk/pyftpdlib/ftpserver.py




CONFIRM http://code.google.com/p/pyftpdlib/source/detail?r=596




CONFIRM http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY




CONFIRM http://code.google.com/p/pyftpdlib/issues/detail?id=114




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




Copyright © 2010 JPCERT/CC All Rights Reserved.