http://news.com.com/2100-1001-848467.html
http://www.netfilter.org/security/20...-dcc-mask.html
http://news.com.com/2100-1001-835602.html
http://www.redhat.com/support/errata/RHSA-2002-028.html

By Stephen Shankland
Staff Writer, CNET News.com
February 28, 2002, 5:30 PM PT


Programmers have found a vulnerability in Linux that could allow protective
firewall software to grant malicious computer users access to protected
networks.
The flaw, which affects versions 2.4.14 through 2.4.18-pre9 of the Linux
kernel, is in a component of the Netfilter firewall software. The component
is involved when two computer users chat directly with each other using the
Internet Relay Chat (IRC) system.
Information sent across the Internet is broken up into tiny "packets," each
with "from" and "to" addresses, indicating who's sent the information and
where it's intended to go. So-called firewall software transmits or screens
out these packets based on the address of the sender.


Netfilter, among the new aspects of the 2.4 version of the Linux kernel, is
software that runs within the kernel to filter out unwanted packets. But its
IRC helper component configures firewall settings too broadly, potentially
allowing communication from IP (Internet Protocol) addresses that should be
blocked.
Programmers working on the Netfilter firewall software project reported the
problem Monday.
Versions 7.1 and 7.2 of leading Linux seller Red Hat's product are
vulnerable. The Durham, N.C.-based company issued a patch Thursday that
corrects the problem. The flawed software isn't installed by default on the
Red Hat versions, the company said, but some users may have added it.
Security is a nagging concern for the computer industry, which must juggle
new features with the risk that they open up new problems. While the
firewall problem the Netfilter programmers discovered is limited to a few
versions of Linux, a more serious problem emerged earlier this month
affecting numerous operating systems using standard network management
software.