Psftpd
CVE-2017-15269
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server.
AnalysisAI
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-610. The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server. Affected products include: Psftp Psftpd.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. Rated medium severi
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) f
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. Rated medium severity (CVSS 5.3), this vu
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today