Home page logo

bugtraq logo Bugtraq mailing list archives

Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerabilty)
From: bre () NETVERJAR IS (Bjarni R. Einarsson)
Date: Mon, 20 Mar 2000 14:33:28 +0100

Hi all,

(This is a copy of a message I sent to the linux-kernel list.)

Attached is a patch I created to address the "extended FTP ALG"
vulnerability discussed on Bugtraq in the past few days (there's an URL in
the patch comments).  It prevents bogus (and legitimate) PORT commands from
creating backward tunnels to ports below 1024, and to a (short) list of
user-defined ports.

I've tested the patch with Linux 2.2.13, with help from the ftpd-ozone
program by Dug Song (http://www.monkey.org/~dugsong/ftpd-ozone.c.txt).
People who want to test this themselves should take note that the port
number reported by ftpd-ozone is one below the hole opened by ip_masq_ftp.

I realize this patch isn't perfect, but it's probably better than nothing.
Sorry for the waste of bandwidth if this has already been addressed.

AFAIK the ftp masquerading code hasn't changed much since 2.0.x, so this
patch may be applicable to older kernels as well.

Please Cc: any replies to me, I'm not subscribed to linux-kernel.  Any
feedback on this patch is appreciated.

Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 bre () netverjar is               -><-            http://bre.klaki.net/

Netverjar gegn ruslp├│sti: http://www.netverjar.is/baratta/ruslpostur/

<LI>text/plain attachment: ip_masq_ftp.2000-03-20.diff

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]