Red Hat Bugzilla – Bug 36820
Security flaw in Linux 2.4 IPTables using FTP port
Last modified: 2007-03-26 23:43:42 EDT
From the website above:
If an attacker can establish an FTP connection passing through a Linux
firewall with the state options allowing "related" connections (almost 100%
do), he can insert
entries into the firewall's RELATED ruleset table allowing the FTP Server
to connect to any host and port protected by the firewalls rules, including
the firewall itself.
You probably already have this but I can't find it as a security-level bug
in the kernel. Hope this isn't a duplicate (probably is -- this appeared on
http://www.slashdot.org as a featured story).
This is a known issue and an advisory will be made public any time now (if it
isn't out already). It comes down to: default installs are NOT vulnerable.
Only if you change from ipchains to iptables and then select FTP NAT with the
'related' feature there is a problem. That is a "don't do that then" for now.
has the advisory for a while now; I'm not sure why our own site doesn't show it.