> ServU FTP Server for Win32 has a Bug that makes it possible to relay > email messages anonymously. As described in the RFC documents for FTP > (959, 1579, 2228) its not recommendet for the service to accept PORT > commands containing target ports above 1024/tcp. Example:
Nice. I'd like to point out that this isn't a new issue per se, but instead a rehash of something discovered by Hobbit, and described in Bugtraq ID 126: http://www.securityfocus.com/bid/126 On another note, in two days, this vuln will be eight years old. I suppose this is an early birthday present. Cheers, Hal Flynn Symantec Corp. http://www.securityfocus.com/unix
