CVE-2007-6736 Information

Description

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST (2) STOR or (3) RETR command.

Reference

http://code.google.com/p/pyftpdlib/issues/detail?id=9 http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY http://code.google.com/p/pyftpdlib/source/detail?r=16 http://code.google.com/p/pyftpdlib/source/diff?spec=svn16&r=16&format=side&path=/trunk/pyftpdlib/FTPServer.py