Firewall Wizards mailing list archives
Update on the "Multiple Firewalls FTP PASV" vulnerability
From: Mikael Olsson <mikael.olsson () enternet se>
Date: Fri, 03 Mar 2000 20:55:05 +0100
For those of you who do not follow bugtraq: The "Multiple Firewalls FTP PASV" vulnerability outlined in my post: http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-02-8&msg=389FEB7B.AA290CC7 () enternet se and confirmed by John McDonald and Thomas Lopatic of Dataprotect for Checkpoing Firewall-1: http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-02-8&msg=38A1B2D9.3B244FAB () dataprotect com apparently also penetrates Cisco PIX (version unknown): http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-29&msg=Pine.LNX.4.20.0003020940020.14453-100000 () acid ch pw edu pl And let me reiterate: This vulnerability is likely to affect all stateful inspection firewalls with FTP "ALG"s that do not completely reassemble the TCP stream. ... speaking of which... shouldn't firewalls that look at the application layer packet by packet instead be claiming "Application Layer Inspectors" or "Appliction Layer Filters" rather than "Application Layer Gateways"... ? Take care, all /Mike -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50 Mobile: +46 (0)70 66 77 636 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
Current thread:
- Update on the "Multiple Firewalls FTP PASV" vulnerability Mikael Olsson (Mar 05)
- <Possible follow-ups>
- Re: Update on the "Multiple Firewalls FTP PASV" vulnerability dwelch (Mar 06)