Difference between revisions of "Vuln firewall fw state tracking"
| Line 10: | Line 10: | ||
ip_conntrack_ftp | ip_conntrack_ftp | ||
| − | |||
ip_conntrack | ip_conntrack | ||
| Line 16: | Line 15: | ||
nf_conntrack | nf_conntrack | ||
| − | |||
nf_conntrack_ftp | nf_conntrack_ftp | ||
Revision as of 12:47, 16 March 2016
Description
This means that your system does allow creating state tracking rules. This means that services like FTP are non-functional, and regular firewall rules are at best severely degraded.
Resolving This Vulnerability
You need to load the following kernel modules:
Kernels (2.6.18):
ip_conntrack_ftp ip_conntrack
Kernels (2.6.32+):
nf_conntrack nf_conntrack_ftp
Notes for VPS Machines
Please note that VPS systems do not have their own kernel. So if you are using a VPS technology you will not be able to install any kernel on the system. VPS technologies share the hosts kernel, and the VPS will inherit the vulnerabilities in that kernel. If you do not control the host, we encourage you to report this vulnerability to your hosting provider and ask they fix their kernel.
False Positives
There are no known False Positives for this.
