Bug 36659

Summary: Security flaw in IPTables using FTP PORT
Product: [Retired] Red Hat Linux
Reporter: Brian Z <brian>
Component: iptables
Assignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED DUPLICATE
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: high
Version: 7.1
Keywords: Security
Hardware: i386   
OS: Linux   
URL: http://netfilter.samba.org/security-fix/
Doc Type: Bug Fix
Last Closed: 2001-04-19 14:34:23 UTC

Description Brian Z 2001-04-19 14:34:19 UTC
Information from the above URL:

If an attacker can establish an FTP connection passing through a Linux
2.4.x IPTables firewall with the state options allowing "related"
connections (almost 100% do), he can insert entries into the firewall's
RELATED ruleset table allowing the FTP Server to connect to any host and
port protected by the firewall's rules, including the firewall itself.

More information and a patch can be found at the above URL.
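
Added example, not part of the original report and not the netfilter patch referenced above: a user-space sketch of the check a connection-tracking FTP helper can apply before registering a RELATED expectation, namely that the address in the PORT command equals the source of the control connection. The verdict names, the function names and the refusal of ports below 1024 are assumptions made for illustration; the sample lines are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict names are hypothetical, chosen for this example. */
enum port_verdict { PORT_EXPECT, PORT_MALFORMED, PORT_FOREIGN_ADDR, PORT_LOW_PORT };

/* Strictly parse six comma-separated decimal fields (0-255 each). */
static int parse_fields(const char *s, unsigned v[6])
{
    for (int i = 0; i < 6; i++) {
        unsigned val = 0, digits = 0;
        while (*s >= '0' && *s <= '9' && digits < 3) {
            val = val * 10 + (unsigned)(*s++ - '0');
            digits++;
        }
        if (digits == 0 || val > 255)
            return -1;
        v[i] = val;
        if (i < 5 && *s++ != ',')
            return -1;
    }
    return (*s == '\0' || *s == '\r' || *s == '\n') ? 0 : -1;
}

/* client_ip: source address of the control connection, host byte order. */
enum port_verdict check_port_cmd(const char *line, uint32_t client_ip,
                                 uint32_t *ip, uint16_t *port)
{
    unsigned v[6];
    if (strncmp(line, "PORT ", 5) != 0 || parse_fields(line + 5, v) != 0)
        return PORT_MALFORMED;
    *ip = ((uint32_t)v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
    *port = (uint16_t)((v[4] << 8) | v[5]);
    if (*ip != client_ip)
        return PORT_FOREIGN_ADDR;   /* expectation would point at a third host */
    if (*port < 1024)
        return PORT_LOW_PORT;       /* assumption: refuse privileged ports */
    return PORT_EXPECT;
}

int main(void)
{
    const uint32_t client = 0xC000020A;  /* 192.0.2.10, constructed sample */
    const char *lines[] = { "PORT 192,0,2,10,195,80\r\n", "PORT 10,0,0,5,0,22\r\n" };
    uint32_t ip; uint16_t port;
    for (int i = 0; i < 2; i++)
        printf("verdict=%d\n", check_port_cmd(lines[i], client, &ip, &port));
    return 0;
}
```

Only a `PORT_EXPECT` verdict should lead to an expectation being recorded; every other verdict leaves the state table untouched, so the data connection is evaluated as NEW by the ordinary rules.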

Comment 1 Bernhard Rosenkraenzer 2001-04-19 16:41:49 UTC

*** This bug has been marked as a duplicate of 36580 ***