Miggo Logo
Miggo Vulnerability Database
CVE-2007-6741

CVE-2007-6741:
Improper privilege management in pyftpdlib

6.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2007-6741
GHSA ID
GHSA-8xgx-75qw-6268
EPSS Score
0.68683%
CWE
CWE-269
Published
5/1/2022
Updated
10/14/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
pyftpdlibpip< 0.2.00.2.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability description explicitly names ftp_PORT in FTPServer.py as the vulnerable function. The core issue was improper validation of privileged ports when IP addresses matched, which aligns with: 1) CVE description mentioning FTP bounce attacks via crafted PORT commands 2) References to RFC 2577 recommendations about port validation 3) Historical issue #11 discussing the missing privileged port check 4) The fix in version 0.2.0 would logically involve adding port validation in this function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *tp_PORT *un*tion in *TPS*rv*r.py in py*tp*li* ***or* *.*.* *o*s not pr*v*nt T*P *onn**tions to privil**** ports i* t** **stin*tion IP ***r*ss m*t***s t** sour** IP ***r*ss o* t** *onn**tion *rom t** *TP *li*nt, w*i** mi**t *llow r*mot* *ut**nti*

Reasoning

T** vuln*r**ility **s*ription *xpli*itly n*m*s `*tp_PORT` in `*TPS*rv*r.py` *s t** vuln*r**l* *un*tion. T** *or* issu* w*s improp*r `v*li**tion` o* privil**** ports w**n IP ***r*ss*s m*t****, w*i** *li*ns wit*: *) *V* **s*ription m*ntionin* `*TP` *ou