Bugtraq mailing list archives

Re: Update: Extending the FTP "ALG" vulnerability to any FTP client


From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Wed, 15 Mar 2000 09:02:53 +0100


Darren Reed wrote:
> In some mail from Mikael Olsson, sie said:
> >   * RealAudio/Video (secondary UDP channel)
>
> This can't be exploited in even close to the same way, if the proxy is
> properly implemented.  You might be able to write a java class to exploit
> this from a web server which was waiting more easily than playing funny
> games with URL's in HTML pages...if the web server is evil, having java
> enabled is a big risk.

You're most likely right; I was just listing a couple of apps
that work with secondary data channels. Also, I was in no way
suggesting that this specific FTP vulnerability would affect
RealAudio, hence the section title "The Big Picture".

> >  Workarounds to this specific vulnerability
> > --------------------------------------------
> >
> >   * Disable active FTP. Errrr, wait. The fix for the server side
> >     vulnerability was to disable passive FTP.
>
> Which specific vulnerability was this?
> And was it a vulnerability or a DoS problem?

It was the "Multiple firewalls FTP server "PASV" vulnerability"
mentioned in my reference list. Basically does the same thing
- letting people connect to any port - but on FTP servers
instead. The official "fix" was "disable passive FTP". Well,
since the "fix" for this is "disable active FTP"..   ...  :-)

/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se


