Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerability)
From: bre () NETVERJAR IS (Bjarni R. Einarsson)
Date: Mon, 20 Mar 2000 14:33:28 +0100
(This is a copy of a message I sent to the linux-kernel list.)

Attached is a patch I created to address the "extended FTP ALG"
vulnerability discussed on Bugtraq in the past few days (there's a URL in
the patch comments). It prevents bogus (and legitimate) PORT commands from
creating backward tunnels to ports below 1024, and to a (short) list of

I've tested the patch with Linux 2.2.13, with help from the ftpd-ozone
program by Dug Song (http://www.monkey.org/~dugsong/ftpd-ozone.c.txt).
People who want to test this themselves should take note that the port
number reported by ftpd-ozone is one below the hole opened by ip_masq_ftp.

I realize this patch isn't perfect, but it's probably better than nothing.
Sorry for the waste of bandwidth if this has already been addressed.

AFAIK the ftp masquerading code hasn't changed much since 2.0.x, so this
patch may be applicable to older kernels as well.

Please Cc: any replies to me, I'm not subscribed to linux-kernel. Any
feedback on this patch is appreciated.

Bjarni R. Einarsson PGP: 02764305, B7A3AB89
bre () netverjar is -><- http://bre.klaki.net/
Netverjar against junk mail: http://www.netverjar.is/baratta/ruslpostur/
text/plain attachment: ip_masq_ftp.2000-03-20.diff
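
The check the message describes, refusing a backward tunnel when a PORT command names a port below 1024, sketched as an added user-space example; it is not the attached patch (which is not reproduced on this page) and not kernel code. The function name, verdict values and sample commands are assumptions constructed for illustration, and only the below-1024 rule is covered.

```c
#include <stdio.h>
#include <string.h>

enum port_verdict { PORT_ALLOW = 0, PORT_MALFORMED = -1, PORT_PRIVILEGED = -2 };

/* Hypothetical helper (not the kernel's code): parse "PORT h1,h2,h3,h4,p1,p2"
 * and decide whether a backward tunnel may be opened for it. *port_out is
 * written whenever the command parses, so a refusal can be logged with it. */
static int check_port_cmd(const char *line, unsigned *port_out)
{
    unsigned v[6];
    const char *p;
    int i, digits;

    if (strncmp(line, "PORT ", 5) != 0)
        return PORT_MALFORMED;
    p = line + 5;
    for (i = 0; i < 6; i++) {
        v[i] = 0;
        for (digits = 0; *p >= '0' && *p <= '9'; p++, digits++) {
            if (digits == 3)            /* more than three digits */
                return PORT_MALFORMED;
            v[i] = v[i] * 10 + (unsigned)(*p - '0');
        }
        if (digits == 0 || v[i] > 255)  /* empty field or not an octet */
            return PORT_MALFORMED;
        if (i < 5 && *p++ != ',')
            return PORT_MALFORMED;
    }
    if (*p != '\0' && *p != '\r' && *p != '\n')   /* trailing junk */
        return PORT_MALFORMED;

    *port_out = v[4] * 256 + v[5];
    return *port_out < 1024 ? PORT_PRIVILEGED : PORT_ALLOW;
}

int main(void)
{
    /* Constructed sample commands, not captured traffic. */
    const char *samples[] = { "PORT 10,0,0,5,4,1", "PORT 10,0,0,5,0,21",
                              "PORT 10,0,0,5,256,0" };
    unsigned i, port;

    for (i = 0; i < 3; i++)
        printf("%-22s -> %d\n", samples[i], check_port_cmd(samples[i], &port));
    return 0;
}
```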