[ISN] Flaw weakens Linux security software

From: InfoSec News (isnat_private)
Date: Fri Mar 01 2002 - 02:07:43 PST

Next message: InfoSec News: "Re: [ISN] [TSCM-L] Security? Huh!"

Previous message: InfoSec News: "[ISN] Cyber crime gathers strength"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.com.com/2100-1001-848467.html

By Stephen Shankland 
Staff Writer, CNET News.com
February 28, 2002, 5:30 PM PT

Programmers have found a vulnerability in Linux that could allow
protective firewall software to grant malicious computer users access
to protected networks.

The flaw, which affects versions 2.4.14 through 2.4.18-pre9 of the
Linux kernel, is in a component of the Netfilter firewall software.  
The component is involved when two computer users chat directly with
each other using the Internet Relay Chat (IRC) system.

Information sent across the Internet is broken up into tiny "packets,"  
each with "from" and "to" addresses, indicating who's sent the
information and where it's intended to go. So-called firewall software
transmits or screens out these packets based on the address of the
sender.

Netfilter, among the new aspects of the 2.4 version of the Linux
kernel, is software that runs within the kernel to filter out unwanted
packets. But its IRC helper component configures firewall settings too
broadly, potentially allowing communication from IP (Internet
Protocol) addresses that should be blocked.

Programmers working on the Netfilter firewall software project
reported the problem Monday.

Versions 7.1 and 7.2 of leading Linux seller Red Hat's product are
vulnerable. The Durham, N.C.-based company issued a patch Thursday
that corrects the problem. The flawed software isn't installed by
default on the Red Hat versions, the company said, but some users may
have added it.

Security is a nagging concern for the computer industry, which must
juggle new features with the risk that they open up new problems.  
While the firewall problem the Netfilter programmers discovered is
limited to a few versions of Linux, a more serious problem emerged
earlier this month affecting numerous operating systems using standard
network management software.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

Next message: InfoSec News: "Re: [ISN] [TSCM-L] Security? Huh!"
Previous message: InfoSec News: "[ISN] Cyber crime gathers strength"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 01 2002 - 05:32:49 PST