Pyftpd.Multiple.Vulnerabilities
Description
pyftpd is a multithreaded FTP daemon written in Python, featuring an advanced permission scheme, upload/download speed throttling, GUI configuration, an internal database of users, and more.
Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information. (CVE-2010-2072)
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server. (CVE-2010-2073)
Affected Products
pyftpd version 0.8.4
Impact
The vulnerabilities allow local users to cause a denial of service and obtain sensitive information, and remote attackers to read arbitrary files from the FTP server.
Recommended Actions
Please update to the latest version.
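Where log handling has to be reviewed or hardened separately from the upgrade, the sketch below shows one way to avoid the predictable-temp-file pattern behind CVE-2010-2072. It is an added example, not pyftpd's code; the directory layout, the file name `pyftpd.log` and the function name `open_private_log` are assumptions, since the page does not give the actual log names.

```python
import os
import stat
import tempfile


def open_private_log(log_dir, name="pyftpd.log"):
    """Open an append-only log in a directory only the daemon user can write.

    log_dir and name are hypothetical; the advisory does not list real paths.
    """
    os.makedirs(log_dir, mode=0o700, exist_ok=True)
    st = os.lstat(log_dir)
    # Refuse a symlinked, foreign-owned, or group/world-writable directory:
    # any of these lets another local user pre-create or swap the log file.
    if (not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid()
            or st.st_mode & 0o022):
        raise PermissionError(f"unsafe log directory: {log_dir}")

    path = os.path.join(log_dir, name)
    # O_NOFOLLOW makes open() fail if the final path component is a symlink.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        fst = os.fstat(fd)
        # The opened object must be a regular file we own with no extra
        # hard links pointing at it from elsewhere.
        if (not stat.S_ISREG(fst.st_mode) or fst.st_uid != os.geteuid()
                or fst.st_nlink != 1):
            raise PermissionError(f"unsafe log file: {path}")
        os.fchmod(fd, 0o600)  # keep log contents unreadable to other users
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "a", encoding="utf-8")


if __name__ == "__main__":
    # Constructed demo: a private scratch directory stands in for the
    # daemon's log location.
    base = tempfile.mkdtemp()
    with open_private_log(os.path.join(base, "logs")) as log:
        log.write("daemon started\n")
    print("log written under", base)
```

The directory check matters as much as the open flags: a log kept in a shared location such as a world-writable temporary directory stays exposed to pre-creation by other local users regardless of how the file itself is opened.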
Coverage
IPS (Regular DB)
IPS (Extended DB)