US-CERT Vulnerability Notes Database

NetBSD Information for VU#328867

Date Notified:
Date Updated:
Statement Date:
Status Summary: Vulnerable

Vendor Statement

I've done some more testing of the proxy and have come to the conclusion that whilst the proxy in ipfilter currently shipped may be vulnerable to the attack described by CERT, I don't have an FTP daemon which responds in a manner that makes the attack possible. I've tested against Solaris, SunOS4 and NetBSD. The proxy in 3.4.29 drops the packets that cause the problem with this exploit.

I've tested IPFilter 3.4.27 (same as in -current and is scheduled for 1.6). Whilst this version does allow the sel-ack'd 227 back through, it does not appear to create the necessary state/nat sessions to allow the second data connection through.

In short, IPFilter 3.4.27 does not appear to be vulnerable to *this* exploit. It may be possible to write others which are, but the FTP proxy in IPFilter will progressively become stricter in what it allows, further narrowing opportunities to exploit it in this kind of manner (as can already be seen with 3.4.29.)

[Darren Reed]

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

NetBSD includes IP Filter. Please see:
  • NetBSD Security Advisory 2002-024:
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc
  • OpenBSD vendor statement:
    http://www.kb.cert.org/vuls/id/AAMN-5EQPEF
  • IP Filter vendor statement:
    http://www.kb.cert.org/vuls/id/AAMN-5ERQF6


  • Produced 2009 by US-CERT, a government organization