Bug 36820 - Security flaw in Linux 2.4 IPTables using FTP port
Summary: Security flaw in Linux 2.4 IPTables using FTP port
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Michael K. Johnson
QA Contact: Brock Organ
URL: http://www.tempest.com.br/advisories/...
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-04-20 13:13 UTC by Rob McMillin
Modified: 2007-03-27 03:43 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-04-20 14:41:52 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Rob McMillin 2001-04-20 13:13:18 UTC
From the website above:

If an attacker can establish an FTP connection passing through a Linux
2.4.x IPTables
firewall with the state options allowing "related" connections (almost 100%
do), he can insert
entries into the firewall's RELATED ruleset table allowing the FTP Server
to connect to any host and port protected by the firewalls rules, including
the firewall itself. 


You probably already have this but I can't find it as a security-level bug
in the kernel. Hope this isn't a duplicate (probably is -- this appeared on
http://www.slashdot.org as a featured story).

Comment 1 Arjan van de Ven 2001-04-20 13:19:42 UTC
This is a known issue and an advisory will be made public any time now (if it
isn't out already). It comes down to: default installs are NOT vulnerable.
Only if you change from ipchains to iptables and then select FTP NAT with the
'related' feature there is a problem. That is a "don't do that then" for now.

Comment 2 Arjan van de Ven 2001-04-26 11:41:16 UTC

has the advisory for a while now; I'm not sure why our own site doesn't show it.

Note You need to log in before you can comment on or make changes to this bug.