Bug 36820 - Security flaw in Linux 2.4 IPTables using FTP port
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 7.1
Hardware: i386 Linux
Priority: high
Severity: medium
Assigned To: Michael K. Johnson
QA Contact: Brock Organ
URL: http://www.tempest.com.br/advisories/...
Keywords: Security
Reported: 2001-04-20 09:13 EDT by Rob McMillin
Modified: 2007-03-26 23:43 EDT
Doc Type: Bug Fix
Last Closed: 2001-04-20 10:41:52 EDT
Description Rob McMillin 2001-04-20 09:13:18 EDT
From the website above:

If an attacker can establish an FTP connection passing through a Linux 2.4.x IPTables firewall with the state options allowing "related" connections (almost 100% do), he can insert entries into the firewall's RELATED ruleset table allowing the FTP Server to connect to any host and port protected by the firewall's rules, including the firewall itself.

====

You probably already have this but I can't find it as a security-level bug
in the kernel. Hope this isn't a duplicate (probably is -- this appeared on
http://www.slashdot.org as a featured story).
Comment 1 Arjan van de Ven 2001-04-20 09:19:42 EDT
This is a known issue and an advisory will be made public any time now (if it
isn't out already). It comes down to: default installs are NOT vulnerable.
Only if you change from ipchains to iptables and then select FTP NAT with the
'related' feature there is a problem. That is a "don't do that then" for now.
Comment 2 Arjan van de Ven 2001-04-26 07:41:16 EDT
http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D3231

has had the advisory for a while now; I'm not sure why our own site doesn't show it.
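
Added example, not part of the bug report or of any Red Hat or netfilter code: a small review aid that lists the rules in a ruleset that accept RELATED connections, the condition both the description and Comment 1 name. It assumes iptables-save syntax as input; the sample ruleset is constructed, and what counts as "loosely scoped" (no helper match, no destination or port limit) is this example's own choice.

```python
import shlex

# Constructed sample ruleset in iptables-save syntax (not from the bug report).
SAMPLE_RULES = """\
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m state --state RELATED -m helper --helper ftp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
-A FORWARD -p tcp --dport 21 -m state --state NEW -j ACCEPT
"""

STATE_FLAGS = ("--state", "--ctstate")
NARROWING = {"-d", "--destination", "--dport", "--destination-port"}

def parse_rule(line):
    """Split one '-A CHAIN ...' line into (chain, {option: value})."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    opts, i = {}, 2
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i]] = tokens[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return tokens[1], opts

def audit(ruleset):
    """Return (line number, chain, reasons) for each loosely scoped RELATED accept."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, opts = parsed
        states = {s for f in STATE_FLAGS for s in opts.get(f, "").split(",")}
        if "RELATED" not in states or opts.get("-j") != "ACCEPT":
            continue
        reasons = []
        if "--helper" not in opts:
            reasons.append("no helper match")
        if not NARROWING & opts.keys():
            reasons.append("no destination or port limit")
        if reasons:
            findings.append((lineno, chain, reasons))
    return findings

if __name__ == "__main__":
    for lineno, chain, reasons in audit(SAMPLE_RULES):
        print(f"rule {lineno} ({chain}): RELATED accepted with {', '.join(reasons)}")
```

Negated matches (`!`) are not interpreted, so a rule that relies on negation to limit scope needs a manual look.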
