Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Update: Extending the FTP "ALG" vulnerability to any FTP client
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Wed, 15 Mar 2000 09:02:53 +0100

Darren Reed wrote:

In some mail from Mikael Olsson, sie said:

  * RealAudio/Video (secondary UDP channel)

This can't be exploited in even close to the same way, if the proxy is
properly implemented.  You might be able to write a java class to exploit
this from a web server which was waiting more easily than playing funny
games with URL's in HTML pages...if the web server is evil, having java
enabled is a big risk.

You're most likely right; I was just listing a couple of apps
that work with secondary data channels. Also, I was in no way
suggesting that this specific FTP vulnerability would affect
RealAudio, hence the section title "The Big Picture".

 Workarounds to this specific vulnerability

  * Disable active FTP. Errrr, wait. The fix for the server side
    vulnerability was to disable passive FTP.

Which specific vulnerability was this ?
And was it a vulnerability or a DoS problem ?

It was the "Multiple firewalls FTP server "PASV" vulnerability"
mentioned in my reference list. Basically does the same thing
- letting people connect to any port - but on FTP servers
instead. The official "fix" was "disable passive FTP". Well,
since the "fix" for this is "disable active FTP"..   ...  :-)


Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]