VULHUB ™

The FTP server included with SGI IRIX is vulnerable to hijacking of data connections when PASV mode is in use. When in PASV mode, the server listens on a port when a transfer of data is to occur. The client then connects and the data is transferred. SGI has reported that the ftpd selects predictable PASV mode port numbers. As a result, it is trivial for remote attackers to hijack data connections and retrieve data before the client can.

The FTP server included with SGI IRIX is vulnerable to hijacking of data connections when PASV mode is in use. When in PASV mode, the server listens on a port when a transfer of data is to occur. The client then connects and the data is transferred. SGI has reported that the ftpd selects predictable PASV mode port numbers. As a result, it is trivial for remote attackers to hijack data connections and retrieve data before the client can.