Vulnerability Description
IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Darren Reed | Ipfilter | 3.1.1 |
Related Weaknesses (CWE)
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc
- http://securitytracker.com/id?1005442 (Patch)
- http://www.iss.net/security_center/static/10409.php (Patch)
- http://www.kb.cert.org/vuls/id/328867 (US Government Resource)
- http://www.securityfocus.com/bid/6010 (Patch)
FAQ
What is CVE-2002-1978?
CVE-2002-1978 is a vulnerability with a CVSS score of 7.5 (HIGH). IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that con...
How severe is CVE-2002-1978?
CVE-2002-1978 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1978?
Check the references section above for vendor advisories and patch information. Affected products include: Darren Reed Ipfilter.