
List:       ids
Subject:    IDS: New and *serious* security flaw
From:       "Evandro Curvelo Hora - Recife Tiger Team" <ech () cesar ! org ! br>
Date:       2001-04-17 14:16:48

Brothers in arms,

A new and *very* serious security flaw in Linux 2.4 IPTables using FTP
PORT...

 * Systems affected: Firewalls using Linux Kernel 2.4.x with IPTables
 * Release date: 14 April 2001
 * Platforms: Linux Kernel 2.4.x
 * Impact: If an attacker can establish an FTP connection passing through
           a Linux 2.4.x IPTables firewall with the state options allowing
           "related" connections (almost 100% do), he can insert entries
           into the firewall's RELATED ruleset table allowing the FTP Server
           to connect to any host and port protected by the firewall's rules,
           including the firewall itself.

 The complete advisory is available at:

 	http://www.tempest.com.br/advisories/01-2001.html

Thanxs,

-Evandro Curvelo Hora
.evandro@cesar.org.br
.Tempest Security Technologies
.The Recife Tiger Team
.CESAR - Centro de Estudos e Sistemas Avançados do Recife
