Moderate severityNVD Advisory· Published Oct 19, 2010· Updated Apr 29, 2026

CVE-2007-6741

Description

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pyftpdlibPyPI	< 0.2.0	0.2.0

Affected products

G.rodola/Pyftpdlib2 versions
cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*range: <=0.1.1
- cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-8xgx-75qw-6268ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2007-6741ghsaADVISORY
code.google.com/p/pyftpdlib/issues/detailnvdWEB
code.google.com/p/pyftpdlib/source/browse/trunk/HISTORYnvdWEB
code.google.com/p/pyftpdlib/source/detailnvdWEB
code.google.com/p/pyftpdlib/source/diffnvdWEB
github.com/giampaolo/pyftpdlib/issues/11ghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-25.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000