CVE-2021-4189 Python's FTP client has a PASV bug that allows the host to spoof responses.

This vulnerability can be exploited remotely, via a man-in-the-middle attack. A remote attacker can set up a malicious FTP server that tricks clients into connecting back to a given IP address and port. This can be used to scan ports that would otherwise not be possible to scan.

Versions of Python vulnerable to this issue were released between September 11, 2013, and October 9, 2013.
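The client-side check that closes this gap is to ignore the host advertised in the PASV reply and reuse the control connection's peer address. The following is an added example, not code from the original page or from CPython. The function names and sample replies are constructed for illustration, while `ftplib.parse227` and the `trust_server_pasv_ipv4_address` attribute are part of the standard library.

```python
import ftplib
import ipaddress

def pasv_target(reply, peer_host, trust_server_address=False):
    """Pick the data-connection endpoint for a 227 (PASV) reply.

    Returns (host, port, mismatch). mismatch is True when the server
    advertised an address other than the control connection's peer.
    """
    advertised_host, port = ftplib.parse227(reply)  # stdlib 227 parser
    mismatch = (ipaddress.ip_address(advertised_host)
                != ipaddress.ip_address(peer_host))
    # Hardened behaviour: ignore the advertised host, reuse the peer address.
    host = advertised_host if trust_server_address else peer_host
    return host, port, mismatch

def interpreter_ignores_pasv_host():
    """True when this ftplib has the opt-in attribute and it defaults to False."""
    return getattr(ftplib.FTP, "trust_server_pasv_ipv4_address", None) is False

def audit(sessions):
    """Return (peer, advertised_host, port) for every mismatching reply."""
    findings = []
    for peer, reply in sessions:
        advertised, port = ftplib.parse227(reply)
        if pasv_target(reply, peer)[2]:
            findings.append((peer, advertised, port))
    return findings

# Constructed sample data: (control-connection peer, PASV reply seen).
SESSIONS = [
    ("203.0.113.10", "227 Entering Passive Mode (203,0,113,10,195,80)."),
    ("203.0.113.10", "227 Entering Passive Mode (10,0,0,5,0,22)."),
]

if __name__ == "__main__":
    print("ftplib ignores PASV host by default:", interpreter_ignores_pasv_host())
    for peer, reply in SESSIONS:
        print(peer, "->", pasv_target(reply, peer))
    print("mismatches:", audit(SESSIONS))
```

A mismatch is not always malicious, since servers behind NAT may advertise a different address, so treat `audit` output as something to review, not as a verdict.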

Another flaw was found in Python. The issue is related to how the FTP client library handles the PORT command. The flaw can be exploited to execute arbitrary code on the remote server. This vulnerability can be exploited to install a backdoor on the remote server.

Versions of Python vulnerable to this issue were released between September 12, 2013, and October 22, 2013.

Another flaw was found in Python. The issue is related to how the FTP client library handles the EPSV command. The flaw can be exploited to execute arbitrary code on the remote server. This vulnerability can be exploited to install a backdoor on the remote server.

Versions of Python vulnerable to this issue were released between November 8, 2013, and December 6, 2013.

Another flaw was found in Python. The issue is related to how the FTP client library handles the PORT command. The flaw can be exploited to execute arbitrary code on the remote server. This vulnerability can be exploited to install a backdoor on the remote server.

Versions of Python vulnerable to this issue were released between December

Shell Command Injection

Shell command injection is a computer security vulnerability in which the attacker injects commands into the command line of a running process. This can be done to access privileged information or to launch attacks against other software that relies on standard input or output redirection.

Versions of Python vulnerable to this issue were released between October 22, 2013, and December 6, 2013.
