Difference between revisions of "Vuln firewall fw state tracking"

From Atomicorp Wiki
Jump to: navigation, search
Line 10: Line 10:
  
 
   ip_conntrack_ftp
 
   ip_conntrack_ftp
 
 
   ip_conntrack
 
   ip_conntrack
  
Line 16: Line 15:
  
 
   nf_conntrack
 
   nf_conntrack
 
 
   nf_conntrack_ftp
 
   nf_conntrack_ftp
  

Revision as of 11:47, 16 March 2016

Description

This means that your system does allow creating state tracking rules. This means that services like FTP are non-functional, and regular firewall rules are at best severely degraded.

Resolving This Vulnerability

You need to load the following kernel modules:

Kernels (2.6.18):

 ip_conntrack_ftp
 ip_conntrack

Kernels (2.6.32+):

 nf_conntrack
 nf_conntrack_ftp

Notes for VPS Machines

Please note that VPS systems do not have their own kernel. So if you are using a VPS technology you will not be able to install any kernel on the system. VPS technologies share the hosts kernel, and the VPS will inherit the vulnerabilities in that kernel. If you do not control the host, we encourage you to report this vulnerability to your hosting provider and ask they fix their kernel.

False Positives

There are no known False Positives for this.

Personal tools