Subject: Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerability)
From: Bjarni R. Einarsson (bre NETVERJAR.IS)
Date: Mon Mar 20 2000 - 07:33:28 CST

Hi all,

(This is a copy of a message I sent to the linux-kernel list.)

Attached is a patch I created to address the "extended FTP ALG"
vulnerability discussed on Bugtraq in the past few days (there's a URL in
the patch comments). It prevents bogus (and legitimate) PORT commands from
creating backward tunnels to ports below 1024, and to a (short) list of
user-defined ports.

I've tested the patch with Linux 2.2.13, with help from the ftpd-ozone
program by Dug Song (http://www.monkey.org/~dugsong/ftpd-ozone.c.txt).
People who want to test this themselves should take note that the port
number reported by ftpd-ozone is one below the hole opened by ip_masq_ftp.

I realize this patch isn't perfect, but it's probably better than nothing.
Sorry for the waste of bandwidth if this has already been addressed.

AFAIK the ftp masquerading code hasn't changed much since 2.0.x, so this
patch may be applicable to older kernels as well.

Please Cc: any replies to me, I'm not subscribed to linux-kernel. Any
feedback on this patch is appreciated.

-- Bjarni R. Einarsson PGP: 02764305, B7A3AB89 brenetverjar.is -><- http://bre.klaki.net/
Netverjar gegn ruslpósti: http://www.netverjar.is/baratta/ruslpostur/
- text/plain attachment: ip_masq_ftp.2000-03-20.diff
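
The port policy the message describes (no tunnels to ports below 1024 or to a short deny list), as an added user-space sketch. This is not the attached patch or kernel code; the function names and the deny-list values are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the mail's "(short) list of user-defined ports". */
static const int denied_ports[] = { 2049, 6000 };

/* Parse "PORT h1,h2,h3,h4,p1,p2"; return the data port or -1 if malformed. */
int parse_port_cmd(const char *s)
{
    int port = 0;
    if (strncmp(s, "PORT ", 5) != 0)
        return -1;
    s += 5;
    for (int i = 0; i < 6; i++) {
        int v = 0, digits = 0;
        while (*s >= '0' && *s <= '9' && digits < 3) {
            v = v * 10 + (*s++ - '0');
            digits++;
        }
        if (digits == 0 || v > 255)
            return -1;                 /* empty or out-of-range field */
        if (i < 5 && *s++ != ',')
            return -1;                 /* exactly six comma-separated fields */
        if (i >= 4)
            port = port * 256 + v;     /* p1 * 256 + p2 */
    }
    if (*s != '\0' && *s != '\r' && *s != '\n')
        return -1;                     /* trailing junk after p2 */
    return port;
}

/* 1 if a tunnel to the requested port may be opened, 0 otherwise. */
int port_cmd_allowed(const char *line)
{
    int port = parse_port_cmd(line);
    if (port < 1024)                   /* malformed (-1) or port below 1024 */
        return 0;
    for (size_t i = 0; i < sizeof denied_ports / sizeof denied_ports[0]; i++)
        if (port == denied_ports[i])
            return 0;
    return 1;
}

int main(void)
{
    const char *samples[] = {          /* constructed PORT lines */
        "PORT 10,0,0,5,4,1\r\n", "PORT 10,0,0,5,0,23\r\n", "PORT 10,0,0,5,8,1\r\n" };
    for (int i = 0; i < 3; i++)
        printf("%d <- %s", port_cmd_allowed(samples[i]), samples[i]);
    return 0;
}
```
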