[3894] in bugtraq
Re: serious security bug in wu-ftpd v2.4
daemon@ATHENA.MIT.EDU (der Mouse)
Mon Jan 6 12:54:59 1997
Date: Mon, 6 Jan 1997 07:54:38 -0500
Reply-To: der Mouse <mouse@Holo.Rodents.Montreal.QC.CA>
From: der Mouse <mouse@Holo.Rodents.Montreal.QC.CA>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
>> In many instances, the ftpd server gets the SIGPIPE due to the
>> closed data connection and begins the dologout() procedure.
> The data connection is already closed due to the SIGPIPE right ?
Well, no, the server gets SIGPIPE _because_ the data connection is
gone, not the other way around.
> No wait.. there are two socket connections if one doesnt use passive
> mode ? Only allowing passive mode filetransfer could also be a
> temporary solution to fix this problem. Correct me if I am wrong.
Sorry; there are two connections open any time there's a data transfer
in progress. When setting up the data connection, one end does the
listen and one end does the connect, and the difference between PASV
mode and PORT mode is which end does which.
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
