[ISN] Flaw weakens Linux security software

From: InfoSec News (isnat_private)
Date: Fri Mar 01 2002 - 02:07:43 PST

  • Next message: InfoSec News: "Re: [ISN] [TSCM-L] Security? Huh!"

    By Stephen Shankland 
    Staff Writer, CNET News.com
    February 28, 2002, 5:30 PM PT
    Programmers have found a vulnerability in Linux that could allow
    protective firewall software to grant malicious computer users access
    to protected networks.
    The flaw, which affects versions 2.4.14 through 2.4.18-pre9 of the
    Linux kernel, is in a component of the Netfilter firewall software.  
    The component is involved when two computer users chat directly with
    each other using the Internet Relay Chat (IRC) system.
    Information sent across the Internet is broken up into tiny "packets,"  
    each with "from" and "to" addresses, indicating who's sent the
    information and where it's intended to go. So-called firewall software
    transmits or screens out these packets based on the address of the
    Netfilter, among the new aspects of the 2.4 version of the Linux
    kernel, is software that runs within the kernel to filter out unwanted
    packets. But its IRC helper component configures firewall settings too
    broadly, potentially allowing communication from IP (Internet
    Protocol) addresses that should be blocked.
    Programmers working on the Netfilter firewall software project
    reported the problem Monday.
    Versions 7.1 and 7.2 of leading Linux seller Red Hat's product are
    vulnerable. The Durham, N.C.-based company issued a patch Thursday
    that corrects the problem. The flawed software isn't installed by
    default on the Red Hat versions, the company said, but some users may
    have added it.
    Security is a nagging concern for the computer industry, which must
    juggle new features with the risk that they open up new problems.  
    While the firewall problem the Netfilter programmers discovered is
    limited to a few versions of Linux, a more serious problem emerged
    earlier this month affecting numerous operating systems using standard
    network management software.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Mar 01 2002 - 05:32:49 PST