Linux kernel with DCC allows remote attacker to access arbitrary ports

linux-dcc-port-access (8302). The risk level is classified as Medium Risk.

Description:

The netfilter connection tracking code in the Linux kernel could allow a remote attacker to access arbitrary ports. Because of a lack of access restrictions, a remote attacker could access any listening port when a Direct Client Connection (DCC) chat is initiated.


Consequences:

Gain Access

Remedy:

For Red Hat Linux 7.1 and 7.2:
Upgrade to the latest kernel (2.4.9-31 or later), as listed in Red Hat Linux Errata Advisory RHSA-2002:028-13. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

  • BugTraq Mailing List, Wed Feb 27 2002 - 08:02:50 CST: security advisory linux 2.4.x ip_conntrack_irc.
  • Netfilter Web site: security/2002-02-25-irc-dcc-mask.body.
  • BID-4188: Linux Kernel IRC DCC Connection Tracking Module Arbitrary Port Access Vulnerability
  • CVE-2002-0060: IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.
  • MDKSA-2002:041: Updated kernel packages fix multiple vulnerabilities
  • RHSA-2002-028: Updated 2.4 kernel available
  • US-CERT VU#230307: Linux kernel netfilter IRC DCC helper module creates overly permissive firewall rules

Platforms Affected:

  • Linux Kernel 2.4.18 pre1
  • Linux Kernel 2.4.18 pre2
  • Linux Kernel 2.4.18 pre3
  • Linux Kernel 2.4.18 pre4
  • Linux Kernel 2.4.18 pre5
  • Linux Kernel 2.4.18 pre6
  • Linux Kernel 2.4.18 pre7
  • Linux Kernel 2.4.18 pre8
  • Linux Kernel 2.4.18 pre9
  • RedHat Linux 7
  • RedHat Linux 7.1
  • RedHat Linux 7.2
  • RedHat Linux 7.3

Reported:

Feb 27, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net