WU-FTPD Development Group Information for VU#2558

File Transfer Protocol allows data connection hijacking via PASV mode race condition



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



This vulnerability was addressed in February 1999 by the WU-FTPD Development Group with the release of WU-FTPD version 2.4.2 Beta 18 VR 14. For more information, please see:

In May 1999, the patched code from version 2.4.2 Beta 18 VR 14 was introduced into WU-FTPD 2.5.0, the first official release to include this code. The latest release of WU-FTP can be obtained from: