Re: Fw: [RHSA-2001:052-02] FTP iptables vulnerability in 2.4 kernel
This is definitely a netfilter issue. Not just RH7.1 but any 2.4 series
kernel. The netfilter team had a patch for it even before the SHTF. (I can use
acronyms too) The simplest fix for this is to not use ftp. (ftp bad) The
second fix is to allow related only on tcp port 20 ( or was it 21 ) and then
also ICMP so that you will get port unreachables and other similar messages.
Another way is to not use ftp servers that you don't trust in the first place.
I could go on but this really is not a very big bug.
Disclaimer, I am not the "The" expert.
This is my interpretation of what I have read on the netfilter list.
Dirk
something collides with rotating air mover if you are curious about the acronym.
Richard Zimmerman wrote:
>
> This is interesting.... Thought you all might like to know...
>
> Goose
>
> ----- Original Message -----
> From: <bugzilla@REDHAT.COM>
> To: <BUGTRAQ@SECURITYFOCUS.COM>
> Sent: Thursday, April 19, 2001 3:00 PM
> Subject: [RHSA-2001:052-02] FTP iptables vulnerability in 2.4 kernel
>
> ---------------------------------------------------------------------
> Red Hat, Inc. Red Hat Security Advisory
>
> Synopsis: FTP iptables vulnerability in 2.4 kernel
> Advisory ID: RHSA-2001:052-02
> Issue date: 2001-04-19
> Updated on: 2001-04-19
> Product: Red Hat Linux
> Keywords: FTP iptables ip_conntrack_ftp
> Cross refere
> Obsoletes:
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> A security hole has been found that does not affect the default
> configuration of Red Hat Linux, but can affect some custom
> configurations of Red Hat Linux 7.1 only. The bug is specific
> to the Linux 2.4 kernel series.
>
> 2. Relevant releases/architectures:
>
> 3. Problem description:
>
> A vulnerability in iptables "RELATED" connection tracking has been
> discovered. When using iptables to allow FTP "RELATED" connections
> through the firewall, carefully constructed PORT commands can open
> arbitrary holes in the firewall.
>
> The iptables system is included in the 2.4 kernel series, but not in
> the earlier 2.2 kernel series used in Red Hat Linux 6.x and Red Hat
> Linux 7.0.
>
> Red Hat Linux 7.1 uses a 2.4 kernel and provides the ip_conntrack_ftp
> module that has this bug. However, Red Hat Linux does not currently
> configure iptables (the default firewall configuration uses ipchains
> instead), so unless you have explicitly configured iptables and
> enabled FTP "RELATED" connections through the firewall, you are not
> vulnerable to attack.
>
> 4. Solution:
>
> Red Hat will be releasing a kernel with this and other bugs fixed
> shortly. In the meantime, we strongly recommend that users of
> iptables not allow FTP "RELATED" connections.
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
>
> 6. RPMs required:
>
> 7. Verification:
>
> MD5 sum Package Name
> --------------------------------------------------------------------------
>
> These packages are GPG signed by Red Hat, Inc. for security. Our key
> is available at:
> http://www.redhat.com/corp/contact.html
>
> You can verify each package with the following command:
> rpm --checksig <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
> rpm --checksig --nogpg <filename>
>
> 8. References:
>
> http://www.tempest.com.br/advisories/01-2001.html
> http://www.securityfocus.com/templates/archive.pike?list=1&mid=177070
> http://slashdot.org/comments.pl?sid=01/04/19/047249&cid=36
>
> Copyright(c) 2000, 2001 Red Hat, Inc.
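The rule shape the reply above describes (accept RELATED only for FTP data on tcp port 20 and for ICMP, instead of a blanket RELATED accept) as an added example; this script is not from the thread, the advisory, or the netfilter project. It assumes an external interface named eth0 (override with EXT_IF) and, because the reply is unsure whether the port is 20 or 21, takes port 20 (the server-side source port of active-mode FTP data connections) as the assumed value. IPT defaults to "echo iptables", so the functions print the rules they would load; set IPT=iptables and run as root to load them.

```shell
#!/bin/sh
# Added example, not code from the mailing list thread or the advisory.
# IPT defaults to printing the iptables commands instead of running them.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"     # assumed external interface name
FTP_DATA_PORT="${FTP_DATA_PORT:-20}"   # assumed: active-mode FTP data source port

# Weak ruleset: every connection the conntrack helpers mark RELATED is
# accepted, so an expectation created from a crafted PORT command
# (the advisory's bug in ip_conntrack_ftp) opens whatever it asked for.
broad_rules() {
    $IPT -A INPUT -i "$EXT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Narrowed ruleset, following the reply: keep ESTABLISHED as-is, but only
# accept RELATED when it is FTP data from tcp source port 20 or ICMP
# (so port-unreachable and similar error messages still get through).
# Any other RELATED packet is logged and dropped, which also gives the
# operator a detection point for unexpected helper expectations.
narrow_rules() {
    $IPT -A INPUT -i "$EXT_IF" -m state --state ESTABLISHED -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -p tcp --sport "$FTP_DATA_PORT" \
        -m state --state RELATED -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -p icmp -m state --state RELATED -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -m state --state RELATED \
        -j LOG --log-prefix "unexpected RELATED: "
    $IPT -A INPUT -i "$EXT_IF" -m state --state RELATED -j DROP
}

# Count how many rules in a ruleset mention the RELATED state; used to
# show that the narrowed set never accepts RELATED without a protocol match.
count_related() {
    "$1" | grep -c -- '--state [A-Z,]*RELATED'
}

# When run directly, print both rulesets side by side for comparison.
case "$0" in
    *sh) ;;  # sourced by a test harness: define functions only
    *)
        echo "# weak:";   broad_rules
        echo "# narrow:"; narrow_rules
        ;;
esac
```

The two generic RELATED rules at the end of narrow_rules are ordered after the protocol-specific accepts on purpose: iptables evaluates a chain top to bottom, so the LOG/DROP pair only sees RELATED traffic that neither the tcp/20 nor the ICMP rule claimed.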