Linux Today: Linux News On Internet Time.

SuSE Security Announcement: Linux kernel masquerading vulnerability

Apr 30, 2000, 07:16 (0 Talkback[s])
(Other stories by Marc Heuse)

Date: Sat, 29 Apr 2000 15:42:16 +0200 (MEST)
From: Marc Heuse marc@suse.de
To: suse-security@suse.com
Subject: [suse-security-announce] Linux kernel masquerading vulnerability


Everyone who does masquerading with a linux kernel: please note that all kernels are known to have the following vulnerability:

The ftp and udp masquerading modules can be used by an attacker in some circumstances to access internal machines.

These bugs will hopefully be fixed by the linux kernel team in version 2.2.15

We will provide a kernel update once the new kernel version is available.

SuSE Security Team

Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: marc@suse.de Function: Security Support & Auditing