Patch: ip_masq_ftp "extended FTP ALG" problem addressed (kernel 2.2.13)

From: Bjarni R. Einarsson (bre@netverjar.is)
Date: Mon Mar 20 2000 - 08:30:10 EST


Hi all,

Attached is a patch I created to address the "extended FTP ALG"
vulnerability discussed on Bugtraq in the past few days (there's a URL in
the patch comments). It prevents bogus (and legitimate) PORT commands from
creating backward tunnels to ports below 1024, and to a (short) list of
user-defined ports.

I've tested the patch with Linux 2.2.13, with help from the ftpd-ozone
program by Dug Song (http://www.monkey.org/~dugsong/ftpd-ozone.c.txt).
People who want to test this themselves should take note that the port
number reported by ftpd-ozone is one below the hole opened by ip_masq_ftp.

I realize this patch isn't perfect, but it's probably better than nothing.
Sorry for the waste of bandwidth if this has already been addressed.

AFAIK the ftp masquerading code hasn't changed much since 2.0.x, so this
patch may be applicable to older kernels as well.

Please Cc: any replies to me, I'm not subscribed to linux-kernel. Any
feedback on this patch is appreciated.

-- 
Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 bre@netverjar.is               -><-            http://bre.klaki.net/

Netverjar against spam: http://www.netverjar.is/baratta/ruslpostur/
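
The check the message describes, refusing PORT commands that name a port below 1024 or one on a short deny list, sketched in user-space C as an added example; it is not the attached patch or kernel code. The function names and the deny-list values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed deny list standing in for the "user-defined ports" the
 * message mentions; these values are illustrative, not from the patch. */
static const unsigned short denied_ports[] = { 2049, 6000 };

/* Parse "PORT h1,h2,h3,h4,p1,p2" and return the data port, or -1 if the
 * line is not a well-formed PORT command. */
int parse_port_cmd(const char *line)
{
    unsigned int v[6];
    char tail;
    int i, n;

    if (strncmp(line, "PORT ", 5) != 0)
        return -1;
    n = sscanf(line + 5, "%3u,%3u,%3u,%3u,%3u,%3u%c",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &tail);
    /* Need all six fields; anything after them must be the line ending. */
    if (n < 6 || (n == 7 && tail != '\r' && tail != '\n'))
        return -1;
    for (i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    return (int)(v[4] * 256 + v[5]);
}

/* Return 1 if a masquerading helper may open a reverse tunnel for this
 * command, 0 if the command is malformed or names a refused port. */
int port_cmd_allowed(const char *line)
{
    int port = parse_port_cmd(line);
    size_t i;

    if (port < 1024)            /* malformed (-1) or privileged port */
        return 0;
    for (i = 0; i < sizeof(denied_ports) / sizeof(denied_ports[0]); i++)
        if (port == denied_ports[i])
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample commands: ports 1025, 22 and 6000. */
    printf("%d\n", port_cmd_allowed("PORT 10,0,0,5,4,1\r\n"));
    printf("%d\n", port_cmd_allowed("PORT 10,0,0,5,0,22\r\n"));
    printf("%d\n", port_cmd_allowed("PORT 10,0,0,5,23,112\r\n"));
    return 0;
}
```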

