During a normal FTP session, a PORT command can be executed to specify the clients IP address and port for the data channel from the FTP server to the client for any following data requests. Since it is possible for the user to specify any IP address and port in this command, the user can effectively use the FTP server to perform a port scan on the clients behalf. This hotfix verifies that the IP address and port specified in a PORT command are appropriate to the current session in inbound and outbound ftp sessions. If the command is considered invalid, the ISA Server will respond with 500 invalid PORT command.
This version is the first release on CNET Download.com.