CVE-2001-0405

Linux Kernel - Firewall Bypass via FTP PORT Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0405. PoCs published by Cristiano Lincoln Mattos.

AI-analyzed exploit summary This exploit leverages a vulnerability in the Linux iptables FTP stateful inspection module (CVE-2001-0405) to manipulate the connection table. By sending a crafted PORT command with an arbitrary IP and port, it tricks the firewall into allowing unauthorized connections from the FTP server to the specified target.

Description

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cristiano Lincoln Mattos · perlremotelinux

https://www.exploit-db.com/exploits/20765

View Code ZIP pw:eip

This exploit leverages a vulnerability in the Linux iptables FTP stateful inspection module (CVE-2001-0405) to manipulate the connection table. By sending a crafted PORT command with an arbitrary IP and port, it tricks the firewall into allowing unauthorized connections from the FTP server to the specified target.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Linux kernel iptables (FTP connection tracking module)

No auth needed

Prerequisites: Access to an FTP server behind the vulnerable iptables firewall · Network connectivity to the FTP server

MITRE ATT&CK