Re: [suse-security] kernel 2.4: ipchains and ip_masq_ftp
maf king wrote:
One thing to bear in mind with this approach : AFAIK the stock SuSE 7.2 2.4.4 kernel hasn't been patched to close the serious security hole in ip_conntrack_ftp, so if security is of any importance at all, and you have to allow FTP, 2.2.19 is probably better.
I thought that problem only affected kernels <= 2.4.3. Looking at my
SuSE 7.2 system with a 2.4.4-4GB kernel (default), i see the following
in lines 352-355 of my
/usr/src/linux-2.4.4.SuSE/net/ipv4/netfilter/ip_conntrack_ftp.c:
----
/* Thanks to Cristiano Lincoln Mattos
participants (1)
-
Sergi Puso Gallart