On Sat, 12 Feb 2000 Lars.Troenat_private wrote:

> -----Original Message-----
> From: Check Point Support [mailto:cpsupporat_private]
> Sent: 12. februar 2000 06:01
> To: fw-1-mailinglistat_private
> Subject: [FW1] Check Point News Announcement
>
[snip]
> - For those using stateful inspection of passive FTP, the following patch
> has been supplied.
>
> Patch:
> The patch consists of a new $FWDIR/lib/base.def file that includes a fix to
> the problem (the file is compatible with Firewall-1 4.0 SP-5, other
> platforms will be released as soon as possible). The fix involves an
> enforcement on the existence of the newline character at the end of each
> packet on the FTP control connection, this will close off the described
> vulnerability.

[snip]

This would work fine, except that, provided someone could create a
directory named (C-syntax) "mtu-padding\r\n227 evil message\r\n" AND
change to that dir, a "PWD" would probably happily spit out the message,
in a very correct form.

Disclaimer: I am no FTP protocol expert, so the dir-making and CWD-ing
above might not work. This might also not work if the server quotes its
output properly.

------------+------------------------------------------
Alex Popa,  |There never was a good war or a bad peace
razorat_private|    -- B. Franklin
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."
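
The point raised in the message above, as an added example that is not part of the original post or of Check Point's patch: a per-packet newline rule compared with an inspector that reassembles control-channel lines and honours a 227 reply only when PASV is the outstanding command. The function names, the packet segmentation and the wording of the 257 reply are assumptions constructed for illustration.

```python
import re

def packet_ends_with_newline(payload: bytes) -> bool:
    """Model of the per-packet rule described in the announcement."""
    return payload.endswith(b"\n")

def inspect(events):
    """Command-aware check (assumed design, not Check Point's code).

    events: ("C", bytes) client segments and ("S", bytes) server segments.
    Returns (honoured, rejected) lists of 227 reply lines.
    """
    pending = None   # verb of the client command still awaiting its reply
    buf = b""        # server bytes not yet terminated by CRLF
    honoured, rejected = [], []
    for side, data in events:
        if side == "C":
            words = data.split(None, 1)
            pending = words[0].upper() if words else None
            continue
        buf += data
        *lines, buf = buf.split(b"\r\n")   # reassemble lines across segments
        for line in lines:
            if line.startswith(b"227 "):
                # 227 is only meaningful as the reply to PASV
                (honoured if pending == b"PASV" else rejected).append(line)
            if re.match(rb"\d{3} ", line):
                pending = None             # final reply line consumes the command
    return honoured, rejected

# Constructed sample: PWD reply for the directory name quoted in the post,
# segmented so that the second server packet starts with "227".
SPOOFED = [
    ("C", b"PWD\r\n"),
    ("S", b'257 "mtu-padding\r\n'),
    ("S", b"227 evil message\r\n"),
    ("S", b'" is current directory.\r\n'),
]
# Constructed sample: a genuine passive-mode exchange, reply split mid-line.
GENUINE = [
    ("C", b"PASV\r\n"),
    ("S", b"227 Entering Pass"),
    ("S", b"ive Mode (10,0,0,5,4,1)\r\n"),
]

if __name__ == "__main__":
    print(all(packet_ends_with_newline(d) for s, d in SPOOFED if s == "S"))
    print(inspect(SPOOFED))
    print(inspect(GENUINE))
```

Every server segment in the constructed PWD reply satisfies the newline rule, yet the command-aware check rejects its 227 line because no PASV was outstanding.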