From: James Morris
To:
Subject: [SECURITY] Security Flaw in IPTables FTP Connection Tracking
Date: Tue, 17 Apr 2001 12:30:41 +1000 (EST)

A security flaw has been discovered in the FTP connection tracking code in
Netfilter/IPTables. This flaw may allow an attacker to bypass packet
filtering rules.

Full details of the flaw and BUGTRAQ posting are available at:
http://netfilter.samba.org/security-fix/index.html

An initial patch for the 2.4.3 kernel is available at:
http://netfilter.samba.org/security-fix/ftp-security.patch

This patch prevents the attacks as described. Please note that the patch
may be subject to further revision; any updates will be posted at the
Netfilter web site:
http://netfilter.samba.org/

The Netfilter team would like to thank Cristiano Lincoln Mattos
<lincoln@cesar.org.br> for discovering and analysing the flaw, and for
notifying us about it.

--
James Morris, Netfilter Core Team
<jmorris@intercode.com.au>