Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
Mar 04 2010 05:19PM
Sabahattin Gucukoglu (mail sabahattin-gucukoglu com)
The FTP proxy used in Apple's Airport Express, Airport Extreme, Time Capsule and possibly elsewhere doesn't check the client provided address and port given by the FTP PORT command against the IP address of the connecting client, or against the use of privileged ports. (The FTP PORT command is used...
[ more ]
Copyright 2010, SecurityFocus