CVE-2008-7264 Information

Description

The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.

Reference

http://code.google.com/p/pyftpdlib/issues/detail?id=71 http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY http://code.google.com/p/pyftpdlib/source/detail?r=344 http://code.google.com/p/pyftpdlib/source/diff?spec=svn344&r=344&format=side&path=/trunk/pyftpdlib/ftpserver.py