Bugtraq mailing list archives

Re: HTML Form Protocol Attack


From: Gustavo Molina <gustavobt () molina com br>
Date: Thu, 16 Aug 2001 00:30:49 -0300

On Wed, 15 Aug 2001 23:48:19 -0300 (SPO), Barnaby Gray <bgrg2 () cam ac uk>
(Barnaby Gray) wrote:

You're right, after attempting again I managed to get it to login to my
FTP server, but ftp was not the best protocol to try it on considering
the way data back from the server is sent, which there's no way of
fiddling.

I believe using this attack it may be possible to remotely open a netfilter
(iptables) based firewall, if kernel < 2.4.5, using another bug shown in Red Hat
Advisory RHSA-2001:052-02 / Issue date: 2001-04-19. That is, according to the
advisory: 

'A vulnerability in iptables "RELATED" connection tracking has been
discovered. When using iptables to allow FTP "RELATED" connections
through the firewall, carefully constructed PORT commands can open
arbitrary holes in the firewall.'

[]'s
Gustavo Molina
Network Administrator - Sao Paulo - Brazil
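
The advisory text quoted above concerns PORT commands seen by FTP "RELATED" connection tracking. As an added example (not from the original post or the advisory), the code below audits captured FTP control lines and flags PORT commands whose address differs from the client's source address or whose port is below 1024; those two criteria, the function names and the sample lines are assumptions chosen for illustration.

```python
import ipaddress
import re

# RFC 959 syntax: PORT h1,h2,h3,h4,p1,p2  (port = p1 * 256 + p2)
PORT_RE = re.compile(
    r"^\s*PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE,
)

def parse_port(line):
    """Return (IPv4Address, port) from an FTP PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_port_command(client_ip, line):
    """Return the reasons a PORT command looks suspicious (empty list = fine)."""
    parsed = parse_port(line)
    if parsed is None:
        return ["malformed"]
    ip, port = parsed
    reasons = []
    # Assumed policy: the data connection must go back to the control peer.
    if ip != ipaddress.IPv4Address(client_ip):
        reasons.append("address-mismatch")
    # Assumed policy: a client has no reason to request a privileged port.
    if port < 1024:
        reasons.append("privileged-port")
    return reasons

# Constructed sample: (source address of the control connection, line sent).
SAMPLE = [
    ("192.0.2.10", "PORT 192,0,2,10,195,80"),  # own address, port 50000
    ("192.0.2.10", "PORT 10,0,0,5,0,22"),      # other host, port 22
    ("192.0.2.10", "PORT 192,0,2,10,0,25"),    # own address, port 25
    ("192.0.2.10", "PORT 192,0,2,300,1,1"),    # octet out of range
]

def audit(events):
    """Return (client, line, reasons) for every flagged event."""
    return [(c, l, r) for c, l in events if (r := check_port_command(c, l))]

if __name__ == "__main__":
    for client, line, reasons in audit(SAMPLE):
        print(client, repr(line), reasons)
```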

