CVE-2008-7264

The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.

Published Bycve@mitre.org

Published DateOct 19, 2010, 20:00

Affected Versions(1)

pyftpdlib(PyPI)

Introduced0

Fixed0.5.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
pyftpdlib(PyPI)	0	0.5.0	N/A

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:S/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL

References

http://code.google.com/p/pyftpdlib/issues/detail?id=71
http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
http://code.google.com/p/pyftpdlib/source/detail?r=344
http://code.google.com/p/pyftpdlib/source/diff?spec=svn344&r=344&format=side&path=/trunk/pyftpdlib/ftpserver.py

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:S/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL