#VU100003 Security features in Linux kernel - CVE-2002-0060
Published: March 8, 2002 / Updated: October 10, 2017
Vulnerability identifier: #VU100003
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2002-0060
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.
Remediation
Install update from vendor's repository.
External links
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:041
- http://marc.info/?l=bugtraq&m=101483396412051&w=2
- http://marc.info/?l=vuln-dev&m=101486352429653&w=2
- http://www.kb.cert.org/vuls/id/230307
- http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html
- http://www.redhat.com/support/errata/RHSA-2002-028.html
- http://www.securityfocus.com/bid/4188
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0203-027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8302