Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CSSA-2002-SCO.23-ftpd allows data connection hijacking via PASV mode

CSSA-2002-SCO.23-ftpd allows data connection hijacking via PASV mode

by Nikola Strahija on June 2nd, 2002 In FTP PASV mode, the client makes a control connection to the FTP server (typically port 21/tcp) and requests a PASV data connection. The server responds by listening for client connections on a specified port number, which is supplied to the client via the control connection. If an attacker can make a connection to the listening port before the client connects, the server will transmit the data to the attacker instead of the client.


To exploit this vulnerability, the attacker must intercept or
guess the port number that the server will use, then make its
connection attempt before the client establishes a data
connection. If the server chooses port numbers using an easily
identifiable pattern (such as incrementally), this
vulnerability is trivial to exploit.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
Open UNIX 8.0.0 /usr/sbin/in.ftpd
UnixWare 7.1.1 /usr/sbin/in.ftpd


3. Solution

The proper solution is to install the latest packages.


4. Open UNIX 8.0.0

4.1 Location of Fixed Binaries

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.23


4.2 Verification

MD5 (erg501602b.pkg.Z) = e25467ff65349f5f388698fdd39161b5

md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg501602b.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg501602b.pkg.Z
# pkgadd -d /var/spool/pkg/erg501602b.pkg


5. UnixWare 7.1.1

5.1 Location of Fixed Binaries

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.23


5.2 Verification

MD5 (erg501602b.pkg.Z) = e25467ff65349f5f388698fdd39161b5

md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/


5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg501602b.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg501602b.pkg.Z
# pkgadd -d /var/spool/pkg/erg501602b.pkg


6. References

Specific references for this advisory:
http://www.kb.cert.org/vuls/id/2558

Caldera UNIX security resources:
http://stage.caldera.com/support/security/

Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html

This security fix closes Caldera incidents sr863902, fz520882,
erg501602.


7. Disclaimer

Caldera International, Inc. is not responsible for the
misuse of any of the information we provide on this website
and/or through our security advisories. Our advisories are
a service to our customers intended to promote secure
installation and use of Caldera products.

______________________________________________________________________________


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »