On Thu, 30 May 2002 security@caldera.com wrote: > 1. Problem Description > > In FTP PASV mode, the client makes a control connection to the > FTP server (typically port 21/tcp) and requests a PASV data > connection. The server responds by listening for client > connections on a specified port number, which is supplied to > the client via the control connection. If an attacker can make > a connection to the listening port before the client connects, > the server will transmit the data to the attacker instead of > the client. It is also possible to hijack data connection while using active mode. The only difference is that the attacker need to connect to the listening port on the client machine. I posted information about this to vuln-dev list two years ago. Go and read: http://lists.insecure.org/vuln-dev/2000/Jul/0269.html Anyways, where can I find information about how You patched that particular vulnerability? --- Tomasz Grabowski (0-91)4494234 Akademickie Centrum Informatyki mailto:cadence@apollo.aci.com.pl
