Closed Bug 373654 Opened 18 years ago Closed 18 years ago

Response to FTP's PASV command can be used to circumvent port blocking

Categories

(Core :: Networking, defect)

1.8 Branch
defect
Not set
critical

RESOLVED DUPLICATE of bug 370559

People

(Reporter: jwkbugzilla, Unassigned)

Details

This vulnerability has been reported on http://bindshell.net/papers/ftppasv. If you connect to a manipulated FTP server, it can send a response like "227 Entering Passive Mode (192,168,0,1,84,149)", thus tricking you into port scanning on the intranet even though port 149 is supposed to be out of bounds (http://www.mozilla.org/projects/netlib/PortBanning.html).
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
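
A client-side check for the behaviour described in this report, as an added example that is not part of the original bug or Mozilla's code: it parses the 227 reply in the RFC 959 form (h1,h2,h3,h4,p1,p2), where the port is p1*256+p2, and refuses a data endpoint whose host differs from the control connection's peer or whose port is blocked. The names `parse_pasv`, `data_endpoint`, `PasvRejected`, the `BANNED_PORTS` sample and the 203.0.113.5 peer address are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample of blocked ports for this example; a real client would
# use its complete port ban list here.
BANNED_PORTS = frozenset({21, 22, 23, 25, 110, 143})

_PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


class PasvRejected(ValueError):
    """Raised when a 227 reply must not be used for the data connection."""


def parse_pasv(reply):
    """Return (host, port) from a 227 reply of the form (h1,h2,h3,h4,p1,p2)."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise PasvRejected("not a well-formed 227 reply")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise PasvRejected("field outside 0-255")
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # high byte first
    return host, port


def data_endpoint(reply, control_peer):
    """Validate a 227 reply against the peer of the control connection.

    The server-supplied address is never trusted: the data connection may
    only go to the host the control connection is already talking to, and
    the port still has to pass the port ban list.
    """
    host, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    if host != peer:
        raise PasvRejected(f"reply names {host}, control connection is to {peer}")
    if port == 0 or port in BANNED_PORTS:
        raise PasvRejected(f"port {port} is blocked")
    return str(peer), port
```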