Firewall Wizards mailing list archives
Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867)
From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 10 Oct 2002 00:55:40 +1000 (EST)
On behalf of ICSA Labs, I would also like to thank Mikael for working with us to ensure that the vendors in the program had time to address this issue before the exploit was announced. He made sure we understood the issue and took the time to document it thoroughly. This enabled us to give the vendors enough information to reproduce the issue and deliver fixes if needed. It also went a long way in facilitating the initial contact with CERT. It is this type of partnership we welcome and encourage in the future. Brian Monkman
In comparison, being on the other side of CERT for a couple of un-named BSD's, information seemed to flow very badly, if at all. I don't know who's to blame for that but it is not something that made my life easier or more enjoyable. Obviously a case of where trying to use the "correct channels" failed (at least from my perspective.) I look at CERT's information for Sun and it mentions "in.ftpd". Hmmm, maybe I'm wrong to be concerned if Sun are responding to it for in.ftpd and not SunScreen ;-) Back to the information/exploit... The first test program I received didn't even compile, never mind work, the second was better but even having people say (in other forums) that ipfilter was vulnerable, I failed to make it happen no matter who's ftpd I used or whic "suspect" version of IPFilter I used. I guess the ability to declare code vulnerable by inspection doesn't compare to actually doing a real live test On top of that, the note I received mentioned "selective ACK". If you go and lookup what "selective ACK" in TCP is, you'll find information on something completely different to what was done with this "exploit". Sometimes it just sucks big time when working on free projects where you don't get help that's afforded to vendors such as that ISCA obviously made available. Envious? Definately. Darren _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Mikael Olsson (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Paul D. Robertson (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) R. DuFresne (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Paul D. Robertson (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) R. DuFresne (Oct 09)
- Message not available
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Marcus J. Ranum (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) R. DuFresne (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Al Potter (Oct 09)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Paul D. Robertson (Oct 08)
- <Possible follow-ups>
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Darren Reed (Oct 09)