| VID |
16017 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The FTP daemon was found to open ports sequentially when placed into PASV (passive) mode. This could allow an attacker to intercept data channels opened for legitimate connections.
When client issue the PASV command, the FTP server on PASV(passive) mode opens a local port and waits for the client to connect. Once the client connects, the server transmits the file or directory listing the client wanted without checking the source address of the connecting client.
By opening ports in sequential order, it is easy for an attacker to predict the next port that the FTP service will use. Using the vulnerability a malicious attacker connects to that port before original user does, and they retrieve another user's file (In theory this is like session hijacking, but more a file originated version).
* References:
http://www.iss.net/security_center/static/1842.php
http://www.securiteam.com/windowsntfocus/2OUQNQ0RQE.html |
| Recommendation |
Contact your vendor to see if a patch has been made available that addresses this issue. Most modern servers include code to randomize ports opened when using passive mode. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
