Bugtraq mailing list archives
Re: serious security bug in wu-ftpd v2.4
From: mouse () Holo Rodents Montreal QC CA (der Mouse)
Date: Mon, 6 Jan 1997 07:54:38 -0500
In many instances, the ftpd server gets the SIGPIPE due to the closed data connection and begins the dologout() procedure.
The data connection is already closed due to the SIGPIPE right ?
Well, no, the server gets SIGPIPE _because_ the data connection is gone, not the other way around.
No wait.. there are two socket connections if one doesnt use passive mode ? Only allowing passive mode filetransfer could also be a temporary solution to fix this problem. Correct me if I am wrong.
Sorry; there are two connections open any time there's a data transfer in progress. When setting up the data connection, one end does the listen and one end does the connect, and the difference between PASV mode and PORT mode is which end does which. der Mouse mouse () rodents montreal qc ca 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Re: serious security bug in wu-ftpd v2.4 Rene Janssen (Jan 04)
- <Possible follow-ups>
- Re: serious security bug in wu-ftpd v2.4 der Mouse (Jan 06)