Difference between revisions of "Vuln firewall fw state tracking"
(Created page with "'''Description''' This means that your system does allow creating state tracking rules. This means that services like FTP are non-functional, and regular firewall rules are a...") |
|||
| Line 8: | Line 8: | ||
Kernels (2.6.18): | Kernels (2.6.18): | ||
| − | ip_conntrack_ftp | + | |
| − | ip_conntrack | + | ip_conntrack_ftp |
| + | |||
| + | ip_conntrack | ||
Kernels (2.6.32+): | Kernels (2.6.32+): | ||
| − | nf_conntrack | + | |
| − | nf_conntrack_ftp | + | nf_conntrack |
| + | |||
| + | nf_conntrack_ftp | ||
'''Notes for VPS Machines''' | '''Notes for VPS Machines''' | ||
Revision as of 11:47, 16 March 2016
Description
This means that your system does allow creating state tracking rules. This means that services like FTP are non-functional, and regular firewall rules are at best severely degraded.
Resolving This Vulnerability
You need to load the following kernel modules:
Kernels (2.6.18):
ip_conntrack_ftp
ip_conntrack
Kernels (2.6.32+):
nf_conntrack
nf_conntrack_ftp
Notes for VPS Machines
Please note that VPS systems do not have their own kernel. So if you are using a VPS technology you will not be able to install any kernel on the system. VPS technologies share the hosts kernel, and the VPS will inherit the vulnerabilities in that kernel. If you do not control the host, we encourage you to report this vulnerability to your hosting provider and ask they fix their kernel.
False Positives
There are no known False Positives for this.
