ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pyftpdlib | G.rodola | * | 0.5.1 (including) |
Pyftpdlib | G.rodola | 0.1 (including) | 0.1 (including) |
Pyftpdlib | G.rodola | 0.1.1 (including) | 0.1.1 (including) |
Pyftpdlib | G.rodola | 0.2.0 (including) | 0.2.0 (including) |
Pyftpdlib | G.rodola | 0.3.0 (including) | 0.3.0 (including) |
Pyftpdlib | G.rodola | 0.4.0 (including) | 0.4.0 (including) |
Pyftpdlib | G.rodola | 0.5.0 (including) | 0.5.0 (including) |