Pyftpd.Multiple.Vulnerabilities

Description

pyftpd is a multithreaded FTP daemon written in Python, featuring an advanced permission scheme, upload/download speed throttling, GUI configuration, an internal database of users, and more.
Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information. (CVE-2010-2072)
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server. (CVE-2010-2073)
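
The log-file issue (CVE-2010-2072) comes down to how the file is opened in a shared temporary directory. The sketch below is an added example, not pyftpd's code, and its file and directory names are hypothetical; it compares a fixed-name open with two hardened alternatives when the path already exists.

```python
import os
import stat
import tempfile

LOG_NAME = "ftpd-example.log"  # hypothetical name, not taken from pyftpd's source

def open_log_predictable(shared_dir):
    """Weak pattern: fixed name in a shared directory; reuses whatever is already there."""
    path = os.path.join(shared_dir, LOG_NAME)
    return path, open(path, "a")

def open_log_exclusive(shared_dir):
    """Same fixed name, but fail closed if the path exists or is a symlink."""
    path = os.path.join(shared_dir, LOG_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    return path, os.fdopen(fd, "w")

def open_log_private(base_dir):
    """Preferred pattern: owner-only directory plus an unpredictable file name."""
    log_dir = os.path.join(base_dir, "ftpd-logs")  # hypothetical directory name
    os.makedirs(log_dir, mode=0o700, exist_ok=True)
    st = os.lstat(log_dir)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid() or st.st_mode & 0o077:
        raise PermissionError(f"{log_dir} is not private to this user")
    fd, path = tempfile.mkstemp(prefix="ftpd-", suffix=".log", dir=log_dir)
    return path, os.fdopen(fd, "w")

def demo():
    """Compare the three openers when the fixed path was created by someone else first."""
    with tempfile.TemporaryDirectory() as shared:
        planted = os.path.join(shared, LOG_NAME)
        with open(planted, "w") as f:  # constructed stand-in for a file made by another user
            f.write("not ours\n")
        _, log = open_log_predictable(shared)
        log.write("session data\n")
        log.close()
        with open(planted) as f:
            reused = f.read() == "not ours\nsession data\n"
        try:
            open_log_exclusive(shared)
            refused = False
        except FileExistsError:
            refused = True
        path, log = open_log_private(shared)
        log.close()
        mode = stat.S_IMODE(os.stat(path).st_mode)
    return reused, refused, mode
```

`demo()` returns whether the weak opener reused the existing file, whether the exclusive opener refused it, and the permission bits of the privately created log.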

Affected Products

pyftpd version 0.8.4

Impact

These vulnerabilities allow local users to cause a denial of service and obtain sensitive information, and allow remote attackers to read arbitrary files from the FTP server.

Recommended Actions

Please update to the latest version.

Coverage

IPS (Regular DB)
IPS (Extended DB)