En: FireWall-1 FTP Server Vulnerability

[Rusty Russell]

In message <002201bf7761$73b2e460$37c86a8f@default> you write:
> Hi Rusty,
> 
>      I also saw that iptables (state match) using ftp conntrack has this
> problem. I think that Dareen's Ipfilter is vulnerable too.
> Regards,

It's been on the TODO list for some time, and was reported by Peter
Benie > 6 months ago.  The simple workaround (the one I plan on
implementing) is to track the last CR, and ensure that it occurred
before the `227'.

Thanks for the heads-up though,
Rusty.
--
Hacking time.