The FTP server included with Caldera Open UNIX and Unixware is vulnerable to hijacking of data connections when PASV mode is in use. When in PASV mode, the server listens on a port when a transfer of data is to occur. The client then connects and the data is transferred. Caldera has reported that the Open UNIX/Unixware ftpd selects predictable PASV mode port numbers. As a result, it is trivial for remote attackers to hijack data connections and retrieve data before the client can.
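An administrator can check for the predictability described above by collecting the 227 replies a server returns to their own test sessions and examining how the announced ports change from one reply to the next. The following is an added example, not code from the advisory or from Caldera; the reply strings are constructed, and the `max_step` and `threshold` values are assumptions of this sketch.

```python
import re
from collections import Counter

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def pasv_port(reply):
    """Return the data port announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    fields = [int(g) for g in m.groups()]
    if any(f > 255 for f in fields):
        return None
    return fields[4] * 256 + fields[5]  # port = p1 * 256 + p2

def assess(replies, max_step=16, threshold=0.8):
    """Classify PASV port selection from successive 227 replies.

    Heuristic (assumption of this example): allocation is predictable when
    most consecutive ports differ by a small positive step, or when one
    step value dominates.
    """
    ports = [p for p in map(pasv_port, replies) if p is not None]
    if len(ports) < 4:
        return {"ports": ports, "verdict": "insufficient data"}
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if 0 < d <= max_step) / len(deltas)
    step, count = Counter(deltas).most_common(1)[0]
    predictable = small >= threshold or count / len(deltas) >= threshold
    return {"ports": ports, "deltas": deltas, "dominant_step": step,
            "verdict": "predictable" if predictable else "no obvious pattern"}

# Constructed sample replies (192.0.2.10 is a documentation address).
SEQUENTIAL = ["227 Entering Passive Mode (192,0,2,10,4,%d)" % n for n in (1, 2, 3, 5, 6)]
RANDOMISED = ["227 Entering Passive Mode (192,0,2,10,%d,%d)" % hl
              for hl in ((201, 17), (163, 240), (220, 5), (175, 98), (239, 144))]

if __name__ == "__main__":
    for name, sample in (("sequential", SEQUENTIAL), ("randomised", RANDOMISED)):
        print(name, assess(sample))
```

A "no obvious pattern" verdict from a handful of replies is not evidence of a strong port generator; it only means this simple check found no counter-like behaviour.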