WU-FTPD Development Group Information for VU#2558

File Transfer Protocol allows data connection hijacking via PASV mode race condition

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

This vulnerability was addressed in February 1999 by the WU-FTPD Development Group with the release of WU-FTPD version 2.4.2 Beta 18 VR 14. For more information, please see:


In May 1999, the patched code from version 2.4.2 Beta 18 VR 14 was introduced into WU-FTPD 2.5.0, the first official release to include this code. The latest release of WU-FTP can be obtained from: