[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] iptables security hole
- To: linux-security
- Subject: [linux-security] iptables security hole
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 3 May 2001 18:31:11 -0700
- User-Agent: Mutt/1.2.5i
Topic
=====
security hole in iptables (2.4.x kernels)
Problem Description
===================
A vulnerability in iptables "RELATED" connection tracking has been
discovered. When using iptables to allow FTP "RELATED" connections
through the firewall, carefully constructed PORT commands can open
arbitrary holes in the firewall.
The iptables system is included in the 2.4 kernel series, but not in
the earlier 2.2.x kernel series.
Affected Systems
================
Systems that use a 2.4.x kernel and have iptables configured.
Red Hat Linux 7.1 uses a 2.4 kernel and provides the ip_conntrack_ftp
module that has this bug. However, Red Hat Linux does not currently
configure iptables (the default firewall configuration uses ipchains
instead), so unless you have explicitly configured iptables and
enabled FTP "RELATED" connections through the firewall, you are not
vulnerable to attack.
Workaround
==========
Users of iptables should coinfigure it so that it does not allow
FTP "RELATED" connections.
Solution
========
None so far. RedHat announced that it will be releasing a kernel with this
and other bugs fixed shortly.