[22266] in bugtraq
Re: HTML Form Protocol Attack
daemon@ATHENA.MIT.EDU (Gustavo Molina)
Thu Aug 16 01:44:18 2001
From: Gustavo Molina <gustavobt@molina.com.br>
To: bugtraq@securityfocus.com
Date: Thu, 16 Aug 2001 00:30:49 -0300
Reply-To: gustavobt@molina.com.br
Message-ID: <j7fmnt0e3vs0vm4smnuhchflohui41i30h@4ax.com>
In-Reply-To: <20010816024912.A14332@purple.chu.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
On Wed, 15 Aug 2001 23:48:19 -0300 (SPO), Barnaby Gray <bgrg2@cam.ac.uk> wrote:
>You're right, after attempting again I managed to get it to log in to my
>FTP server, but ftp was not the best protocol to try it on considering
>the way data back from the server is sent, which there's no way of
>fiddling.
I believe using this attack it may be possible to remotely open a netfilter
(iptables) based firewall, if kernel < 2.4.5, using another bug shown in Red Hat
Advisory RHSA-2001:052-02 / Issue date: 2001-04-19. That is, according to the
advisory:
'A vulnerability in iptables "RELATED" connection tracking has been
discovered. When using iptables to allow FTP "RELATED" connections
through the firewall, carefully constructed PORT commands can open
arbitrary holes in the firewall.'
[]'s
Gustavo Molina
Network Administrator - Sao Paulo - Brazil
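
An added example, not part of the original post and not the netfilter code: a strict check of an FTP PORT command of the kind a firewall's FTP helper can apply before allowing a "RELATED" data connection. It assumes the policy that the address in PORT must equal the control connection's client address and that the port must be unprivileged; the function names and the sample address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

enum port_verdict { PORT_OK, PORT_MALFORMED, PORT_ADDR_MISMATCH, PORT_PRIVILEGED };

/* Strictly parse "PORT h1,h2,h3,h4,p1,p2\r\n" (RFC 959); returns 0 on success. */
static int parse_port(const char *line, uint32_t *ip, uint16_t *port)
{
    unsigned v[6];
    const char *p = line;
    if (strncmp(p, "PORT ", 5) != 0)
        return -1;
    p += 5;
    for (int i = 0; i < 6; i++) {
        unsigned n = 0, digits = 0;
        while (*p >= '0' && *p <= '9' && digits < 3) {
            n = n * 10 + (unsigned)(*p++ - '0');
            digits++;
        }
        if (digits == 0 || n > 255)
            return -1;                 /* each field is one octet */
        if (i < 5 && *p++ != ',')
            return -1;                 /* exactly six comma-separated fields */
        v[i] = n;
    }
    if (strcmp(p, "\r\n") != 0)
        return -1;                     /* nothing may trail the sixth field */
    *ip = IPV4(v[0], v[1], v[2], v[3]);
    *port = (uint16_t)((v[4] << 8) | v[5]);
    return 0;
}

/* Assumed policy: data connection only back to the control client, unprivileged port. */
static enum port_verdict check_port(const char *line, uint32_t client_ip)
{
    uint32_t ip;
    uint16_t port;
    if (parse_port(line, &ip, &port) != 0)
        return PORT_MALFORMED;
    if (ip != client_ip)
        return PORT_ADDR_MISMATCH;
    return port < 1024 ? PORT_PRIVILEGED : PORT_OK;
}

int main(void)
{
    /* Constructed sample: client 192.0.2.10 announces port 195*256+80 = 50000. */
    printf("%d\n", check_port("PORT 192,0,2,10,195,80\r\n", IPV4(192, 0, 2, 10)));
    return 0;
}
```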