COMMAND

    "PASV"

SYSTEMS AFFECTED

    Firewall-1 (others?)

PROBLEM

    Mikael Olsson found the following.  It is possible to cause certain
    firewalls to open up any TCP port of your choice against FTP
    servers that are "protected" by those firewalls.  This is done by
    fooling the FTP server into echoing "227 PASV" commands out
    through the firewall.  Firewall-1 v3 allows full communication on
    the opened port and Firewall-1 v4 allows only inbound
    communication on the opened port.

    This attack is most likely to work against stateful inspection
    firewalls protecting servers.  It might also be possible to cause
    "proxy"-like firewalls to open arbitrary ports to protected
    servers.  In the extreme case, albeit a tad unlikely, it may be
    possible to cause any type of firewall to open arbitrary ports
    against FTP clients.

SOLUTION

    Nothing yet.
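
    The sketch below is an added illustration, not part of the
    original advisory and not any vendor's fix.  It shows the kind of
    validation an FTP-aware inspector can apply before it opens a port
    for a "227" reply: act only on complete reply lines from the
    reassembled server-to-client stream, and only when the advertised
    address is the server's own.  The class name, the 512-byte line
    cap and the port >= 1024 rule are assumptions.

```python
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)", code at column 0
PASV_RE = re.compile(rb"^227 [^()]*\((\d{1,3}(?:,\d{1,3}){5})\)")
MAX_LINE = 512  # assumed cap on an unterminated reply line


class PasvInspector:
    """Server-to-client half of one FTP control connection (hypothetical)."""

    def __init__(self, server_ip):
        self.server_ip = server_ip  # address of the protected FTP server
        self.buf = b""
        self.multiline = None       # code of an open "NNN-" multi-line reply
        self.failed = False         # fail closed after a framing violation

    def feed(self, segment):
        """Buffer one TCP segment; return the [(ip, port)] pinholes to open."""
        if self.failed:
            return []
        self.buf += segment
        allowed = []
        while b"\r\n" in self.buf:  # only complete lines are ever parsed
            line, self.buf = self.buf.split(b"\r\n", 1)
            pinhole = self._check_line(line)
            if pinhole:
                allowed.append(pinhole)
        if len(self.buf) > MAX_LINE:  # line framing lost: stop trusting stream
            self.failed, self.buf = True, b""
        return allowed

    def _check_line(self, line):
        if self.multiline:          # inside "NNN-" ... "NNN " block: ignore text
            if line.startswith(self.multiline + b" "):
                self.multiline = None
            return None
        if re.match(rb"^\d{3}-", line):
            self.multiline = line[:3]
            return None
        m = PASV_RE.match(line)
        if not m:
            return None             # "227" text that is not a reply line itself
        nums = [int(n) for n in m.group(1).split(b",")]
        ip = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]
        if max(nums) > 255 or ip != self.server_ip or port < 1024:
            return None             # must be the server's own unprivileged port
        return (ip, port)
```

    Because parsing is done per line rather than per packet, "227"
    text that the server merely echoes inside another reply never
    yields a pinhole, however the reply is split across segments.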