[14319] in bugtraq


Re: Update: Extending the FTP "ALG" vulnerability to any FTP

daemon@ATHENA.MIT.EDU (Darren Reed)
Fri Mar 17 00:39:12 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <200003150427.PAA10825@cairo.anu.edu.au>
Date:         Wed, 15 Mar 2000 15:27:36 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To:         mikael.olsson@ENTERNET.SE
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <38CE2D65.5CCE95FD@enternet.se> from "Mikael Olsson" at Mar 14,
              2000 01:15:33 PM

In some mail from Mikael Olsson, sie said:
>
>   * RealAudio/Video (secondary UDP channel)

This can't be exploited in even close to the same way, if the proxy is
properly implemented.  You might be able to write a Java class to exploit
this from a web server which was waiting more easily than playing funny
games with URLs in HTML pages...if the web server is evil, having Java
enabled is a big risk.

>  Workarounds to this specific vulnerability
> --------------------------------------------
>
>   * Disable active FTP. Errrr, wait. The fix for the server side
>     vulnerability was to disable passive FTP. Let's rephrase that:

Which specific vulnerability was this?
And was it a vulnerability or a DoS problem?

Oh, FWIW, some people do run ftp servers on non-port 20/21 with the
ftp-data port still one less than the real ftp port.

Darren
