Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310801614
HistoryOct 28, 2010 - 12:00 a.m.

pyftpdlib FTP Server Denial of Service Vulnerability

2010-10-2800:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
8

6.4 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

pyftpdlib FTP server is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801614");
  script_version("2023-07-28T16:09:07+0000");
  script_tag(name:"last_modification", value:"2023-07-28 16:09:07 +0000 (Fri, 28 Jul 2023)");
  script_tag(name:"creation_date", value:"2010-10-28 11:50:37 +0200 (Thu, 28 Oct 2010)");
  script_cve_id("CVE-2009-5010");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_name("pyftpdlib FTP Server Denial of Service Vulnerability");
  script_xref(name:"URL", value:"http://code.google.com/p/pyftpdlib/issues/detail?id=91");
  script_xref(name:"URL", value:"http://code.google.com/p/pyftpdlib/source/detail?r=439");
  script_xref(name:"URL", value:"http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY");
  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("FTP");
  script_dependencies("gb_pyftpdlib_detect.nasl");
  script_mandatory_keys("pyftpdlib/Ver");

  script_tag(name:"impact", value:"Successful exploitation will allow attacker to cause a denial of service.");
  script_tag(name:"affected", value:"ftpserver.py in pyftpdlib before 0.5.1");
  script_tag(name:"insight", value:"The flaw is due to race condition in the FTPHandler class, which allows
  remote attackers to cause a denial of service by establishing and then
  immediately closing a TCP connection, leading to the accept function having
  an unexpected return value of None.");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"solution", value:"Upgrade to pyftpdlib version 0.5.2 or later.");
  script_tag(name:"summary", value:"pyftpdlib FTP server is prone to a denial of service (DoS) vulnerability.");

  script_xref(name:"URL", value:"http://code.google.com/p/pyftpdlib/downloads/list");
  exit(0);
}


include("version_func.inc");

ver = get_kb_item("pyftpdlib/Ver");

if(ver != NULL)
{
  if(version_is_less(version:ver, test_version:"0.5.1")) {
     report = report_fixed_ver(installed_version:ver, fixed_version:"0.5.1");
     security_message(port: 0, data: report);
  }
}

Related

openvas 1
prion 1
cve 1
osv 2
cvelist 1
github 1
debiancve 1
openvas
openvas
pyftpdlib FTP Server Denial of Service Vulnerability
2010-10-28 00:00:00
prion
prion
Race condition
2010-10-19 20:00:00
cve
cve
CVE-2009-5010
2010-10-19 20:00:00
osv
osv
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
2022-05-02 04:00:27
PYSEC-2010-7
2010-10-19 20:00:00
cvelist
cvelist
CVE-2009-5010
2022-10-03 16:24:01
github
github
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
2022-05-02 04:00:27
debiancve
debiancve
CVE-2009-5010
2010-10-19 20:00:00

6.4 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON
Related for OPENVAS:1361412562310801614
openvas1prion1cve1osv2cvelist1github1debiancve1