CVE-2002-0060

Current Description

IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.

Basic Data

PublishedMarch 08, 2002
Last ModifiedOctober 10, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel*pre9******2.4.18

Vulnerable Software List

VendorProductVersions
Linux Linux Kernel *

References

NameSourceURLTags
MDKSA-2002:041http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:041MANDRAKE
20020227 security advisory linux 2.4.x ip_conntrack_irchttp://marc.info/?l=bugtraq&m=101483396412051&w=2BUGTRAQ
20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection trackinghttp://marc.info/?l=vuln-dev&m=101486352429653&w=2VULN-DEV
VU#230307http://www.kb.cert.org/vuls/id/230307CERT-VNUS Government Resource
http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.htmlhttp://www.netfilter.org/security/2002-02-25-irc-dcc-mask.htmlCONFIRMPatch Vendor Advisory
RHSA-2002:028http://www.redhat.com/support/errata/RHSA-2002-028.htmlREDHAT
4188http://www.securityfocus.com/bid/4188BID
HPSBUX0203-027http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0203-027HP
linux-dcc-port-access(8302)https://exchange.xforce.ibmcloud.com/vulnerabilities/8302XF