fw1-pasv.txt

11 Feb 2000 | Reported by Mikael Olsson | Type: packetstorm | Source: packetstormsecurity.com

Potential vulnerability allows certain firewalls to expose arbitrary ports to FTP servers.

Code
`Multiple firewalls:  
FTP Application Level Gateway "PASV" Vulnerability  
  
Synopsis  
--------  
It is possible to cause certain firewalls to open up any  
TCP port of your choice against FTP servers that are  
"protected" by those firewalls. This is done by fooling  
the FTP server into echoing "227 PASV" commands out through  
the firewall.  
  
Known affected firewalls  
------------------------  
Firewall-1 v3 allows full communication on the opened port  
Firewall-1 v4 allows only inbound communication on the opened port  
  
NOTE: THIS IS LIKELY A PROBLEM WITH MANY FIREWALLS, DO NOT  
TAKE FOR GRANTED THAT YOUR FIREWALL IS SAFE JUST BECAUSE IT IS  
NOT LISTED HERE  
  
Background  
----------  
  
I've had this idea since late -98, but haven't gotten around to  
doing anything about it. Recently, I posted a "possible vulnerability"  
to [email protected], outlining my ideas. This resulted  
in multiple responses from different people saying that they had  
experienced attacks like this.  
  
It would seem that I should have gone public with my concerns  
a lot sooner, rather than having people frown upon them in private.  
  
For my original, somewhat unstructured, thought process, entitled  
"Breaking through FTP ALGs -- is it possible?", see:  
http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-02-8&[email protected]  
  
  
For an immediate confirmation regarding FW-1 v3 and v4 from  
John McDonald, [email protected], and a real-life attack, entitled  
"FireWall-1 FTP Server Vulnerability", see:  
http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-02-8&[email protected]  
  
[Note: URLs are most likely wrapped]  
  
This attack is most likely to work against stateful inspection  
firewalls protecting servers.  
  
It might also be possible to cause "proxy" like firewalls to  
open arbitrary ports to protected servers.  
  
In the extreme case, albeit a tad unlikely, it may be possible  
to cause any type of firewall to open arbitrary ports against  
FTP clients.  
  
  
Take care, all  
  
--  
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK  
Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50  
Mobile: +46 (0)70 248 00 33  
WWW: http://www.enternet.se E-mail: [email protected]  
  
  
`
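
A defender-side sketch of the check an FTP application level gateway can apply before opening a port. It is an added example, not code from the advisory or from any firewall vendor. It reassembles the server-to-client control stream into reply lines and honors a "227" only when it starts a line, answers an outstanding PASV, names the protected server's own address, and points at an unprivileged port. The class name, the `min_port` policy and the sample addresses are assumptions.

```python
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)", anchored at line start
PASV_REPLY = re.compile(
    rb"227 [^\r\n]*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

class StrictPasvTracker:
    """Hypothetical per-connection ALG state for one FTP control channel."""
    def __init__(self, server_ip, min_port=1024):
        self.server_ip = server_ip
        self.min_port = min_port     # assumed policy: never open privileged ports
        self.buf = b""               # server bytes not yet terminated by CRLF
        self.pasv_pending = False    # client sent PASV and no 227 seen yet

    def client_line(self, line):
        if line.strip().upper() == b"PASV":
            self.pasv_pending = True

    def server_segment(self, data):
        """Feed one TCP payload from the server; return (ip, port) pinholes to allow."""
        self.buf += data
        allowed = []
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            m = PASV_REPLY.match(line)   # match() only succeeds at the line start
            if not m:
                continue
            octets = [int(x) for x in m.groups()]
            if any(o > 255 for o in octets):
                continue
            ip = ".".join(map(str, octets[:4]))
            port = octets[4] * 256 + octets[5]
            # Solicited reply, server's own address, unprivileged port: all required
            if self.pasv_pending and ip == self.server_ip and port >= self.min_port:
                allowed.append((ip, port))
            self.pasv_pending = False
        return allowed

def demo():
    # Constructed sample exchange; 10.0.0.5 is a made-up protected server
    t = StrictPasvTracker("10.0.0.5")
    t.client_line(b"PASV\r\n")
    return t.server_segment(b"227 Entering Passive Mode (10,0,0,5,195,80)\r\n")

if __name__ == "__main__":
    print(demo())
```

The port floor does not protect unrelated services that listen on high ports of the same host, so inbound rules for such services still need to be reviewed separately.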
