En: FireWall-1 FTP Server Vulnerability
Tue, 15 Feb 2000 14:39:26 +1100
In message <002201bf7761$73b2e460$37c86a8f@default> you write:
> Hi Rusty,
> I also saw that iptables (state match) using ftp conntrack has this
> problem. I think that Dareen's Ipfilter is vulnerable too.
It's been on the TODO list for some time, and was reported by Peter
Benie > 6 months ago. The simple workaround (the one I plan on
implementing) is to track the last CR, and ensure that it occurred
before the `227'.
Thanks for the heads-up though,