LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Kernel vulnerabilities in CIPE, ICMP and netfilter.

Package(s):kernel 2.2 and 2.4 CVE #(s):
Created:July 9, 2002 Updated:July 9, 2002
Description: The three vulnerabilities are:
  • CIPE (VPN tunnel) implementation bug that allows a maliciously formed packet to crash the system.
  • ICMP implementation bug that allows remote disclosure of random memory only in kernels prior to 2.4.0-test6 and 2.2.18.
  • IRC connection tracking component of netfilter bug in Linux 2.4 kernels that can lead to unwanted ports being opened on the firewall.

Apparently these three vulnerabilities only impact users who use CIPE (VPN tunnel), kernels prior to 2.4.0-test6 or 2.2.18 or a firewall based on netfilter that uses IRC tracking. Since the kernel tends to be customized by each Linux Distributor, your distribution may or may not be vulnerable.

Alerts:
Mandrake MDKSA-2002:041 2002-07-04
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds