Bugtraq mailing list archives
Re: FireWall-1 FTP Server Vulnerability
From: razor () LDC RO (Alexandru Popa)
Date: Mon, 14 Feb 2000 22:09:35 +0200
On Sat, 12 Feb 2000 Lars.Troen () MERKANTILDATA NO wrote:
-----Original Message----- From: Check Point Support [mailto:cpsuppor () ts checkpoint com] Sent: 12. februar 2000 06:01 To: fw-1-mailinglist () lists us checkpoint com Subject: [FW1] Check Point News Announcement
[snip]
- For those using stateful inspection of passive FTP, the following patch has been supplied. Patch: The patch consists of a new $FWDIR/lib/base.def file that includes a fix to the problem (the file is compatible with Firewall-1 4.0 SP-5, other platforms will be released as soon as possible). The fix involves an enforcement on the existence of the newline character at the end of each packet on the FTP control connection, this will close off the described vulnerability.
[snip] This would work fine, except that, provided someone could create a directory named (C-syntax) "mtu-padding\r\n227 evil message\r\n" AND change to that dir, a "PWD" would probably happily spit out the message, in a very correct form. Disclaimer: I am no FTP protocol expert, so the dir-making and CWD-ing above might not work. This might also not work if the server quotes its output properly. ------------+------------------------------------------ Alex Popa, |There never was a good war or a bad peace razor () ldc ro| -- B. Franklin ------------+------------------------------------------ "It took the computing power of three C-64s to fly to the Moon. It takes a 486 to run Windows 95. Something is wrong here."
Current thread:
- Re: FireWall-1 FTP Server Vulnerability Lars.Troen () MERKANTILDATA NO (Feb 12)
- Re: FireWall-1 FTP Server Vulnerability Alexandru Popa (Feb 14)
- Re: FireWall-1 FTP Server Vulnerability monti (Feb 14)
- Re: FireWall-1 FTP Server Vulnerability Henrik Nordstrom (Feb 15)
- DDoS whitepaper Bennett Todd (Feb 17)
- Re: FireWall-1 FTP Server Vulnerability Mikael Olsson (Feb 17)
- Re: FireWall-1 FTP Server Vulnerability Emiliano Kargieman (Feb 18)
- Patch Available for "Site Wizard Input Validation" Vulnerability Microsoft Product Security (Feb 18)
- Re: FireWall-1 FTP Server Vulnerability Dug Song (Feb 18)
- Re: FireWall-1 FTP Server Vulnerability Henrik Nordstrom (Feb 15)
- Re: FireWall-1 FTP Server Vulnerability Borbely Zoltan (Feb 15)
- Re: FireWall-1 FTP Server Vulnerability monti (Feb 17)
- Re: FireWall-1 FTP Server Vulnerability Peter Benie (Feb 16)