Firewall Wizards mailing list archives

Update on the "Multiple Firewalls FTP PASV" vulnerability

From: Mikael Olsson <mikael.olsson () enternet se>
Date: Fri, 03 Mar 2000 20:55:05 +0100


For those of you who do not follow bugtraq:

The "Multiple Firewalls FTP PASV" vulnerability outlined in my post:
http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-02-8&msg=389FEB7B.AA290CC7 () enternet se

and confirmed by John McDonald and Thomas Lopatic of Dataprotect for
Checkpoing Firewall-1:
http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-02-8&msg=38A1B2D9.3B244FAB () dataprotect com

apparently also penetrates Cisco PIX (version unknown):
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-29&msg=Pine.LNX.4.20.0003020940020.14453-100000 
() acid ch pw edu pl

And let me reiterate: This vulnerability is likely to affect all 
stateful inspection firewalls with FTP "ALG"s that do not completely 
reassemble the TCP stream.

... speaking of which... shouldn't firewalls that look at the application
layer packet by packet instead be claiming "Application Layer Inspectors"
or "Appliction Layer Filters" rather than "Application Layer Gateways"... ?

Take care, all
/Mike

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se

Current thread:

Update on the "Multiple Firewalls FTP PASV" vulnerability Mikael Olsson (Mar 05)
- <Possible follow-ups>
- Re: Update on the "Multiple Firewalls FTP PASV" vulnerability dwelch (Mar 06)