WU-FTPD Development Group Information for VU#2558
File Transfer Protocol allows data connection hijacking via PASV mode race condition
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
This vulnerability was addressed in February 1999 by the WU-FTPD Development Group with the release of WU-FTPD version 2.4.2 Beta 18 VR 14. For more information, please see:
In May 1999, the patched code from version 2.4.2 Beta 18 VR 14 was introduced into WU-FTPD 2.5.0, the first official release to include this code. The latest release of WU-FTP can be obtained from: