Bugtraq mailing list archives

Re: serious security bug in wu-ftpd v2.4

From: mouse () Holo Rodents Montreal QC CA (der Mouse)
Date: Mon, 6 Jan 1997 07:54:38 -0500

In many instances, the ftpd server gets the SIGPIPE due to the
closed data connection and begins the dologout() procedure.

The data connection is already closed due to the SIGPIPE right ?


Well, no, the server gets SIGPIPE _because_ the data connection is
gone, not the other way around.

No wait.. there are two socket connections if one doesnt use passive
mode ?  Only allowing passive mode filetransfer could also be a
temporary solution to fix this problem.  Correct me if I am wrong.


Sorry; there are two connections open any time there's a data transfer
in progress.  When setting up the data connection, one end does the
listen and one end does the connect, and the difference between PASV
mode and PORT mode is which end does which.

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Current thread:

Re: serious security bug in wu-ftpd v2.4 Rene Janssen (Jan 04)
- <Possible follow-ups>
- Re: serious security bug in wu-ftpd v2.4 der Mouse (Jan 06)