I heard about this today. Has anyone had a chance to look at it and determine if its possible to compromise a host that is running proftpd server and using netfilters with iptables under the 2.4.3 kernel? i.e. Firewall script running on same box as ftp server...
I don't see how this can be done if the ftp server doesn't support anonymous logins or fpx xfers... Please check out http://www.tempest.com.br/advisories/01-2001.html#1 The site seems to be having problems. Took me a bit to get it to come up but it is a good read. Cheers! Bob Robert Bartels Network Administrator University of Kentucky
