CVE-2010-2072

Description

Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information.

How to fix CVE-2010-2072

To remediate CVE-2010-2072, upgrade the affected package to a fixed version below.

• Debian/pyftpd—upgrade to 0.8.5 or later

Is CVE-2010-2072 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.8.5

References (4)

• WEBbugs.debian.org/cgi-bin/bugreport.cgi?bug=585773
• WEBexchange.xforce.ibmcloud.com/vulnerabilities/59429
• WEBwww.openwall.com/lists/oss-security/2010/06/13/1
• WEBwww.securityfocus.com/bid/40842