PT-2002-2699 · Ipfilter · Ipfilter

Published: 2002-12-31 · Updated: 2009-04-03 · CVE-2002-1978

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IPFilter versions 3.1.1 through 3.4.28

Description

The issue allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server. This generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.

Recommendations

For IPFilter versions 3.1.1 through 3.4.28, consider restricting access to the FTP server to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the PASV command in the FTP server configuration until the issue is resolved.
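
The check that the description implies is missing, as an added example (not IPFilter's code and not the vendor's fix): a control-channel tracker that accepts a passive-mode reply only when the client's previous command was a bare PASV, the reply code starts the line, and the advertised address is the server's own. The struct, the function names, the sample lines and the 192.0.2.10 address are constructed for illustration, and the tracker assumes lines arrive already split with CRLF stripped.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical per-connection state for an FTP control-channel tracker. */
struct ftp_track {
    int pasv_pending;          /* client's last command was a bare PASV */
    unsigned char server[4];   /* server address of the control connection */
};

/* Naive check (constructed): fires on any reply that merely contains 227. */
static int naive_is_pasv_reply(const char *line) {
    return strstr(line, "227 ") != NULL;
}

/* Record the client's command; only an exact "PASV" arms the tracker. */
static void on_client_line(struct ftp_track *t, const char *line) {
    t->pasv_pending = (strcasecmp(line, "PASV") == 0);
}

/* Returns the data port to allow, or 0 if the reply must not open one. */
static int on_server_line(struct ftp_track *t, const char *line) {
    unsigned h[4], p[2];
    const char *paren;
    int armed = t->pasv_pending;

    t->pasv_pending = 0;                       /* one reply per command */
    if (!armed || strncmp(line, "227 ", 4) != 0)
        return 0;                              /* code must start the line */
    paren = strchr(line, '(');
    if (!paren || sscanf(paren, "(%u,%u,%u,%u,%u,%u)",
                         &h[0], &h[1], &h[2], &h[3], &p[0], &p[1]) != 6)
        return 0;
    for (int i = 0; i < 4; i++)                /* must point at the server */
        if (h[i] != t->server[i])
            return 0;
    if (p[0] > 255 || p[1] > 255)
        return 0;
    return (int)(p[0] * 256 + p[1]);
}

int main(void) {
    struct ftp_track t = { 0, {192, 0, 2, 10} };
    /* Constructed error reply that echoes a command argument back. */
    const char *echo = "500 '227 Entering Passive Mode (192,0,2,10,0,22)': bad command";
    on_client_line(&t, "XCMD arg");            /* constructed non-PASV command */
    printf("naive=%d stateful=%d\n", naive_is_pasv_reply(echo), on_server_line(&t, echo));
    return 0;
}
```

The address comparison is the strictest form of the check and would need relaxing for servers that legitimately advertise a different data address.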

Fix

Weakness Enumeration

Related Identifiers

CVE-2002-1978

Affected Products

Ipfilter