Firewalls running a Linux 2.4.x kernel with iptables could be compromised as a result of faulty logic in the FTP connection-tracking helper's handling of the PORT command. "There is a security flaw in the manner in which the PORT command is interpreted and processed. Essentially, you can pass any IP/port in an FTP PORT command, and the module will not validate these parameters, adding an entry to the RELATED ruleset allowing connections from the FTP server, any source port, to the specified destination IP and port. In most cases, people make stringent security rules and have lax firewall rules regarding RELATED connections, allowing the attacker to connect to anywhere.

This can be used, for example, for the FTP server to connect to any TCP port on the firewall, or any other node protected by the firewall. Even though there may be rules normally denying this type of traffic, it would pass through the firewall, because of the rule allowing RELATED. The attacker does not even need to have a valid login in the FTP server, as the PORT command is interpreted by the module independently of any authentication procedures (USER and PASS)."
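The following Python is an added illustration, not code from the advisory or from the netfilter helper itself. It models the decision the FTP helper makes when it sees a PORT command: the unvalidated path turns whatever address the client names into a RELATED expectation, while a hardened path refuses unless the address matches the client on the control connection and the port is unprivileged. A toy FORWARD chain with an unconditional RELATED accept then shows why the bad expectation lets the FTP server reach a host the static rules would otherwise protect. The addresses, the rule set and the function names are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# The six comma-separated decimal bytes of an FTP PORT command (RFC 959: h1,h2,h3,h4,p1,p2).
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$"
)


@dataclass(frozen=True)
class Expectation:
    """A RELATED expectation: the data connection the helper will let through."""
    src_ip: str    # FTP server; in active mode it originates the data connection
    dst_ip: str
    dst_port: int


def parse_port(line):
    """Return (ip, port) from a PORT line; raise ValueError on malformed input."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("byte out of range")
    port = (fields[4] << 8) | fields[5]
    if port == 0:
        raise ValueError("port 0")
    return ".".join(str(f) for f in fields[:4]), port


def expect_unvalidated(client_ip, server_ip, line):
    """Vulnerable logic (assumed model of the flaw): whatever address the client
    names becomes an expectation, regardless of who sent the command."""
    ip, port = parse_port(line)
    return Expectation(src_ip=server_ip, dst_ip=ip, dst_port=port)


def expect_validated(client_ip, server_ip, line):
    """Hardened logic (one reasonable check, assumed for the example): the PORT
    address must be the client on the control connection, on an unprivileged port."""
    ip, port = parse_port(line)
    if ip != client_ip:
        raise ValueError("PORT address does not match control-connection client")
    if port < 1024:
        raise ValueError("PORT names a privileged port")
    return Expectation(src_ip=server_ip, dst_ip=ip, dst_port=port)


def helper_accepts(helper, client_ip, server_ip, line):
    """True if the given helper would create an expectation for this PORT line."""
    try:
        helper(client_ip, server_ip, line)
        return True
    except ValueError:
        return False


def forward_decision(expectations, src_ip, dst_ip, dst_port, explicit_accept=()):
    """Toy FORWARD chain (assumed rule set): a few explicit accepts, then the common
    lax rule '-m state --state RELATED -j ACCEPT', then DROP for everything else."""
    if (dst_ip, dst_port) in explicit_accept:
        return "ACCEPT"
    for e in expectations:
        if (e.src_ip, e.dst_ip, e.dst_port) == (src_ip, dst_ip, dst_port):
            return "ACCEPT"   # matched RELATED; the static deny rules are never reached
    return "DROP"


def run_scenario(attacker_ip="198.51.100.5", ftp_server="192.0.2.10",
                 victim_ip="10.0.0.5", victim_port=22):
    """Constructed scenario: an unauthenticated client whose control connection
    traverses the firewall sends a PORT naming a protected host. Returns the FORWARD
    verdicts for the server's SYN to victim_ip:victim_port under the vulnerable
    helper and under the hardened one."""
    line = "PORT %s,%d,%d\r\n" % (victim_ip.replace(".", ","),
                                  victim_port >> 8, victim_port & 0xFF)
    lax = [expect_unvalidated(attacker_ip, ftp_server, line)]
    strict = []
    if helper_accepts(expect_validated, attacker_ip, ftp_server, line):
        strict.append(expect_validated(attacker_ip, ftp_server, line))
    return (forward_decision(lax, ftp_server, victim_ip, victim_port),
            forward_decision(strict, ftp_server, victim_ip, victim_port))


if __name__ == "__main__":
    print(run_scenario())  # ('ACCEPT', 'DROP')
```

The point the model makes is the one the advisory makes: the dangerous part is not the parser but the combination of an unchecked expectation with a rule that accepts anything marked RELATED. Even with a validated helper, a RELATED accept in FORWARD is worth restricting to the hosts and ports that should actually receive FTP data connections.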

The link for this article located at Tempest Security is no longer available.