From:	 James Morris 
To:	 , 
Subject: [SECURITY] Security Flaw in IPTables FTP Connection Tracking
Date:	 Tue, 17 Apr 2001 12:30:41 +1000 (EST)

A security flaw has been discovered in the FTP connection tracking
code in Netfilter/IPTables.

This flaw may allow an attacker to bypass packet filtering rules.

Full details of the flaw and BUGTRAQ posting are available at:

	http://netfilter.samba.org/security-fix/index.html

An initial patch for the 2.4.3 kernel is available at:

	http://netfilter.samba.org/security-fix/ftp-security.patch

This patch prevents the attacks as described.

Please note that the patch may be subject to further revision;
any updates will be posted at the Netfilter web site:

	 http://netfilter.samba.org/

The Netfilter team would like to thank Cristiano Lincoln Mattos
<lincoln@cesar.org.br> for discovering and analysing the flaw,
and for notifying us about it.


-- 
James Morris, Netfilter Core Team
<jmorris@intercode.com.au>