topic Re: Firewall bypass due to Java/Python FTP Injections in General Topics

Firewall bypass due to Java/Python FTP Injections

LeonGubbelsInsign — Tue, 28 Feb 2017 09:47:29 GMT

Hi. Reading the article below on firewall bypass I was wondering if Palo Alto Networks by default blocks active FTP connections.

http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

That would mitigate the threat. Anyone an idea?

Re: Firewall bypass due to Java/Python FTP Injections

BPry — Tue, 28 Feb 2017 13:40:16 GMT

If you don't have a security policy that would allow FTP sessions into your network then it would be blocked, if you for some reason have any 'any any' rule from your trust to untrust then the session would be allowed.

Re: Firewall bypass due to Java/Python FTP Injections

chinitsara — Thu, 02 Mar 2017 05:07:53 GMT

Yes i understand about we can blocking with don't use allow FTP in security policy but if someone want to use policy ftp for allow FTP service to untrust or any zone. I think firewall should have a FTP Injections signature to protect this vulnerability.

Re: Firewall bypass due to Java/Python FTP Injections

emr_1 — Thu, 02 Mar 2017 05:16:51 GMT

content 667 was released:

Notes:

Palo Alto Networks has released a content update to add coverage for FTP Java/Python FTP Injection vulnerability as discussed in the security advisory [1]. Customers are advised to upgrade all devices to Content Apps and Threats Version 667-3876 or later and review policies to ensure desired actions are configured on all security policies. References [1] - http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

I can find FIVE "Java/Python FTP Injection Vulnerability" vulnerability signatures in it.

Re: Firewall bypass due to Java/Python FTP Injections

chinitsara — Thu, 02 Mar 2017 06:51:53 GMT

I check in PANW Threat Vault has update Content Apps and Threats Version 667-3876 for FTP Java/Python FTP Injection vulnerability already. Thank you for information.