Reported January 23, 2002, by Arne Vidstrom.
VERSIONS AFFECTED
-
Pi-Soft’s SpoonFTP versions up to and including 1.1.0.0 for Windows 2000, Windows Me, Windows NT, and Windows 9x
DESCRIPTION
A
vulnerability exists in Pi-Soft’s SpoonFTP that can result in an attacker
being able to bounce a connection through the vulnerable server and attack a
third-party host. An intruder can also launch this FTP bounce attack from ports
lower than 1024, to which the attacker typically doesn't have user access.
VENDOR RESPONSE
The vendor, Pi-Soft Consulting, has released version 1.2, which fixes this vulnerability.
CREDIT
Discovered by Arne
Vidstrom.
0 comments
Hide comments