Bugtraq mailing list archives
Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerability)
From: bre () NETVERJAR IS (Bjarni R. Einarsson)
Date: Mon, 20 Mar 2000 14:33:28 +0100
Hi all,

(This is a copy of a message I sent to the linux-kernel list.)

Attached is a patch I created to address the "extended FTP ALG" vulnerability discussed on Bugtraq in the past few days (there's a URL in the patch comments). It prevents bogus (and legitimate) PORT commands from creating backward tunnels to ports below 1024, and to a (short) list of user-defined ports.

I've tested the patch with Linux 2.2.13, with help from the ftpd-ozone program by Dug Song (http://www.monkey.org/~dugsong/ftpd-ozone.c.txt). People who want to test this themselves should take note that the port number reported by ftpd-ozone is one below the hole opened by ip_masq_ftp.

I realize this patch isn't perfect, but it's probably better than nothing. Sorry for the waste of bandwidth if this has already been addressed.

AFAIK the ftp masquerading code hasn't changed much since 2.0.x, so this patch may be applicable to older kernels as well.

Please Cc: any replies to me, I'm not subscribed to linux-kernel. Any feedback on this patch is appreciated.

--
Bjarni R. Einarsson PGP: 02764305, B7A3AB89
bre () netverjar is -><- http://bre.klaki.net/
Netverjar gegn ruslpósti: http://www.netverjar.is/baratta/ruslpostur/

text/plain attachment: ip_masq_ftp.2000-03-20.diff
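The port policy the message describes, as an added user-space C example; it is not the attached patch (which is not reproduced on this page) and not kernel code. The function names `parse_port_cmd` and `port_allowed` and the deny-list values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed deny list (assumption): the message only says "a (short) list
 * of user-defined ports" and gives no values. */
static const unsigned short denied_ports[] = { 2049, 6000 };

/* Parse "PORT h1,h2,h3,h4,p1,p2[CRLF]"; return the data port, or -1 if the
 * line is not a well-formed PORT command. */
int parse_port_cmd(const char *line)
{
    unsigned int f[6];
    const char *p = line;
    int i, digits;
    if (strncmp(p, "PORT ", 5) != 0)
        return -1;
    p += 5;
    for (i = 0; i < 6; i++) {
        f[i] = 0;
        for (digits = 0; *p >= '0' && *p <= '9'; p++, digits++)
            f[i] = f[i] * 10 + (unsigned int)(*p - '0');
        if (digits == 0 || digits > 3 || f[i] > 255)
            return -1;              /* empty, over-long or out-of-range field */
        if (i < 5 && *p++ != ',')
            return -1;              /* missing separator or too few fields */
    }
    if (*p != '\0' && *p != '\r' && *p != '\n')
        return -1;                  /* trailing garbage after p2 */
    return (int)(f[4] * 256 + f[5]);
}

/* 1 if a backward tunnel to this port may be opened, 0 if it must be refused. */
int port_allowed(int port)
{
    size_t i;
    if (port < 1024 || port > 65535)
        return 0;                   /* privileged range, or not a valid port */
    for (i = 0; i < sizeof(denied_ports) / sizeof(denied_ports[0]); i++)
        if (port == denied_ports[i])
            return 0;               /* on the user-defined deny list */
    return 1;
}

int main(void)
{
    /* Constructed control-channel line: 23*256 + 112 = 6000, on the deny list. */
    const char *line = "PORT 192,168,1,5,23,112\r\n";
    int port = parse_port_cmd(line);
    printf("port %d: %s\n", port, port >= 0 && port_allowed(port) ? "allow" : "refuse");
    return 0;
}
```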