PT-2001-1051 · Red Hat · Linux+1
Published: 2001-10-09 · Updated: 2017-10-10 · CVE-2002-0060
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Red Hat Linux kernel versions 2.4.9 and earlier
Red Hat Linux kernel-enterprise versions 2.4.9 and earlier
Red Hat Linux kernel-smp versions 2.4.9 and earlier
Red Hat Linux kernel-doc versions 2.4.9 and earlier
Red Hat Linux kernel-headers versions 2.4.9 and earlier
Red Hat Linux kernel-BOOT versions 2.4.9 and earlier
Red Hat Linux kernel-debug versions 2.4.9 and earlier
Red Hat Linux krb5-libs version 1.2.2 and earlier
Linux versions 2.4.18-pre9 and earlier
Description
The issue involves multiple vulnerabilities in the kernel and other packages of Red Hat Linux, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the IRC connection tracking helper module in the netfilter subsystem for Linux does not properly set the mask for conntrack expectations for incoming DCC connections, allowing remote attackers to bypass intended firewall restrictions.
Recommendations
For Red Hat Linux kernel versions 2.4.9 and earlier, update to a newer version to mitigate the risk.
For Red Hat Linux kernel-enterprise versions 2.4.9 and earlier, update to a newer version to mitigate the risk.
For Red Hat Linux kernel-smp versions 2.4.9 and earlier, update to a newer version to mitigate the risk.
For Red Hat Linux kernel-doc versions 2.4.9 and earlier, update to a newer version to mitigate the risk.
For Red Hat Linux kernel-headers versions 2.4.9 and earlier, update to a newer version to mitigate the risk.
For Red Hat Linux kernel-BOOT versions 2.4.9 and earlier, update to a newer version to mitigate the risk.
For Red Hat Linux kernel-debug versions 2.4.9 and earlier, update to a newer version to mitigate the risk.
For Red Hat Linux krb5-libs version 1.2.2 and earlier, update to a newer version to mitigate the risk.
For Linux versions 2.4.18-pre9 and earlier, update to a newer version to mitigate the risk.
As a temporary workaround, consider restricting access to the netfilter subsystem to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Linux
Krb5-Libs