[14316] in bugtraq
Re: Update: Extending the FTP "ALG" vulnerability to any FTP
daemon@ATHENA.MIT.EDU (Mikael Olsson)
Fri Mar 17 00:12:28 2000
Message-Id:  <38CF43AD.5670727E@enternet.se>
Date:         Wed, 15 Mar 2000 09:02:53 +0100
Reply-To: Mikael Olsson <mikael.olsson@ENTERNET.SE>
From: Mikael Olsson <mikael.olsson@ENTERNET.SE>
X-To:         Darren Reed <avalon@coombs.anu.edu.au>
To: BUGTRAQ@SECURITYFOCUS.COM
Darren Reed wrote:
>
> In some mail from Mikael Olsson, sie said:
> >
> >   * RealAudio/Video (secondary UDP channel)
>
> This can't be exploited in even close to the same way, if the proxy is
> properly implemented.  You might be able to write a java class to exploit
> this from a web server which was waiting more easily than playing funny
> games with URL's in HTML pages...if the web server is evil, having java
> enabled is a big risk.
You're most likely right; I was just listing a couple of apps
that work with secondary data channels. Also, I was in no way
suggesting that this specific FTP vulnerability would affect
RealAudio, hence the section title "The Big Picture".
> >  Workarounds to this specific vulnerability
> > --------------------------------------------
> >
> >   * Disable active FTP. Errrr, wait. The fix for the server side
> >     vulnerability was to disable passive FTP.
>
> Which specific vulnerability was this ?
> And was it a vulnerability or a DoS problem ?
It was the "Multiple firewalls FTP server "PASV" vulnerability"
mentioned in my reference list. Basically does the same thing
- letting people connect to any port - but on FTP servers
instead. The official "fix" was "disable passive FTP". Well,
since the "fix" for this is "disable active FTP"..   ...  :-)
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olsson@enternet.se
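The thread above turns on an FTP proxy or ALG being "talked into" opening a data channel to any host and port named in a PORT command or a 227 (PASV) reply. The following is an added example, not code from either poster or from any firewall product, showing the two checks a proxy needs before it honours such a request: the announced address must belong to the endpoint that sent it, and the port must not be a privileged one. Function names, the `sender_ip` parameter and the sample control-channel lines are the editor's own constructions.

```python
import re

# Added example (not from the original post): the sanity checks an FTP
# application level gateway (ALG) should apply before opening a data channel.
# Function and variable names are the editor's own, not any real firewall's API.

# PORT commands and 227 replies carry the endpoint as six decimal fields:
# four address octets followed by the port as high byte, low byte.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text):
    """Extract (ip, port) from the h1,h2,h3,h4,p1,p2 form, or None if malformed."""
    match = _HOSTPORT.search(text)
    if match is None:
        return None
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def check_data_channel(line, sender_ip):
    """Decide whether an ALG should open the data channel requested in `line`.

    `line` is either a client's "PORT ..." command or a server's "227 ..." reply;
    `sender_ip` is the address of the endpoint that sent it. Returns
    (allowed, ip, port, reason). The two checks are what keep the proxy from
    connecting to arbitrary hosts and ports on a client's or server's behalf:
    the announced address must be the sender's own, and the port must lie
    outside the privileged range where well-known services listen.
    """
    upper = line.strip().upper()
    if not (upper.startswith("PORT ") or upper.startswith("227 ")):
        return False, None, None, "not a PORT command or 227 reply"
    parsed = parse_hostport(line)
    if parsed is None:
        return False, None, None, "malformed host/port fields"
    ip, port = parsed
    if ip != sender_ip:
        return False, ip, port, "announced address is not the sender's"
    if port < 1024:
        return False, ip, port, "privileged port"
    return True, ip, port, "ok"


if __name__ == "__main__":
    # Constructed control-channel lines: a legitimate request followed by the
    # kinds of request an ALG must refuse (privileged port, foreign address).
    samples = [
        ("PORT 192,168,1,10,4,1", "192.168.1.10"),
        ("PORT 192,168,1,10,0,23", "192.168.1.10"),
        ("PORT 10,0,0,5,4,1", "192.168.1.10"),
        ("227 Entering Passive Mode (203,0,113,7,195,80)", "203.0.113.7"),
        ("227 Entering Passive Mode (203,0,113,7,0,21)", "203.0.113.7"),
    ]
    for line, sender in samples:
        allowed, ip, port, reason = check_data_channel(line, sender)
        verdict = "ALLOW" if allowed else "DENY "
        print(f"{verdict} {line!r} from {sender}: {ip}:{port} ({reason})")
```

The address check is what defeats the server-side "PASV" problem referred to in the reply (a 227 naming some host other than the server itself), and the port check is what defeats the client-side PORT variant; a proxy that enforces both no longer needs to disable either transfer mode.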