|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Tomasz Grabowski (cadence
apollo.aci.com.pl)Date: Mon Jun 03 2002 - 11:56:57 CDT
On Thu, 30 May 2002 securitycaldera.com wrote:
> 1. Problem Description
>
> In FTP PASV mode, the client makes a control connection to the
> FTP server (typically port 21/tcp) and requests a PASV data
> connection. The server responds by listening for client
> connections on a specified port number, which is supplied to
> the client via the control connection. If an attacker can make
> a connection to the listening port before the client connects,
> the server will transmit the data to the attacker instead of
> the client.
It is also possible to hijack data connection while using active mode. The
only difference is that the attacker need to connect to the listening port
on the client machine.
I posted information about this to vuln-dev list two years ago.
Go and read:
http://lists.insecure.org/vuln-dev/2000/Jul/0269.html
Anyways, where can I find information about how You patched that
particular vulnerability?
--- Tomasz Grabowski (0-91)4494234 Akademickie Centrum Informatyki mailto:cadence
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]