
[linux-security] iptables security hole



Topic
=====
security hole in iptables (2.4.x kernels)

Problem Description
===================
A vulnerability in iptables "RELATED" connection tracking has been
discovered.  When using iptables to allow FTP "RELATED" connections
through the firewall, carefully constructed PORT commands can open
arbitrary holes in the firewall.
The iptables system is included in the 2.4 kernel series, but not in
the earlier 2.2.x kernel series.

Affected Systems
================
Systems that use a 2.4.x kernel and have iptables configured.

Red Hat Linux 7.1 uses a 2.4 kernel and provides the ip_conntrack_ftp
module that has this bug.  However, Red Hat Linux does not currently
configure iptables (the default firewall configuration uses ipchains
instead), so unless you have explicitly configured iptables and
enabled FTP "RELATED" connections through the firewall, you are not
vulnerable to attack.

Workaround
==========
Users of iptables should configure it so that it does not allow
FTP "RELATED" connections.
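
An added example, not part of the original post, of a defender-side check for the combination this advisory describes: it reads captured iptables-save and lsmod text and flags the case where ip_conntrack_ftp is loaded while a rule accepts RELATED state. The rule sets and module listings below are constructed samples, and the check assumes the rules use the `-m state` match.

```shell
#!/bin/sh
# Audit a 2.4-era iptables setup for the exposure the advisory describes:
# the ip_conntrack_ftp helper loaded AND a rule that ACCEPTs RELATED state.
# Inputs are passed as text so the check runs on captured output without root.

# ftp_related_exposed RULES MODULES
#   RULES   - text in iptables-save format
#   MODULES - text in lsmod format
# Returns 0 (true) when the exposed combination is present, 1 otherwise.
ftp_related_exposed() {
    rules=$1
    modules=$2
    # Is the FTP connection-tracking helper loaded?
    printf '%s\n' "$modules" | grep -q '^ip_conntrack_ftp[[:space:]]' || return 1
    # Does any rule accept traffic matched as RELATED (alone or in a list)?
    printf '%s\n' "$rules" | grep -E -- '--state [A-Z,]*RELATED' | grep -q -- '-j ACCEPT'
}

# Constructed sample: rule set that accepts RELATED traffic (exposed).
VULN_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
COMMIT'

# Constructed sample: same rule set with RELATED removed (workaround applied).
SAFE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
COMMIT'

# Constructed lsmod listings, with and without the FTP helper.
MODS_WITH_HELPER='Module                  Size  Used by
ip_conntrack_ftp        4032   0 (unused)
ip_conntrack           15456   1 [ip_conntrack_ftp]'

MODS_WITHOUT_HELPER='Module                  Size  Used by
ip_conntrack           15456   1'

# Stand-alone run: report the verdict for the exposed sample.
if ftp_related_exposed "$VULN_RULES" "$MODS_WITH_HELPER"; then
    echo "exposed: ip_conntrack_ftp loaded and RELATED state is accepted"
fi
```

Either half of the workaround breaks the combination: drop RELATED from the ACCEPT rule, or do not load ip_conntrack_ftp (in which case FTP data connections are never marked RELATED). Note that without RELATED, ICMP error messages tied to existing connections are also no longer matched, so add explicit rules for those if you rely on them.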

Solution
========
None so far. Red Hat announced that it will shortly be releasing a kernel
with this and other bugs fixed.