The Linux Netfilter team has found a problem in the "IRC connection tracking" component of the firewall within the Linux kernel. This problem affects Red Hat Linux versions 7.1 and 7.2.
The Linux Netfilter team has found a problem in the IRC connection tracking component of the firewall within the Linux kernel. This component is distributed with kernels in Red Hat Linux 7.1 and 7.2, although it is not used in default installations.

The problem consists of an excessively broad netmask setting which is applied when checking whether an "IRC DCC" connection through a masquerading firewall should be allowed. This results in unwanted ports being opened on the firewall, which could, depending on the firewall filter ruleset, allow inbound connections.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0060 to this issue.

Thanks to Jozsef Kadlecsik and Harald Welte of the netfilter team.

Users are advised to upgrade to this errata kernel containing patches which fix these issues.
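The effect of an overly broad mask on an expected-connection check can be seen in a small model. This is an added example, not code from the kernel or from this advisory: the structures, addresses and port are constructed, and the choice of the destination-address mask as the overly broad field is an assumption made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define DCC_CLIENT IP(192, 168, 1, 10) /* constructed: host that offered the DCC */
#define OTHER_HOST IP(192, 168, 1, 20) /* constructed: unrelated internal host */
#define DCC_PORT   5000                /* constructed: port named in the DCC offer */

/* Simplified model of a connection tuple; not the kernel's structure. */
struct tuple {
    uint32_t dst_ip;
    uint16_t dst_port;
};

/* Expected connection plus a mask selecting the bits that must match. */
struct expectation {
    struct tuple want;
    struct tuple mask;
};

/* Returns 1 when pkt equals exp->want on every bit set in exp->mask. */
int expectation_matches(const struct expectation *exp, const struct tuple *pkt)
{
    return ((pkt->dst_ip ^ exp->want.dst_ip) & exp->mask.dst_ip) == 0 &&
           ((pkt->dst_port ^ exp->want.dst_port) & exp->mask.dst_port) == 0;
}

/* Would an inbound connection be let through under the given address mask? */
int inbound_allowed(uint32_t dst_ip_mask, uint32_t dst_ip, uint16_t dst_port)
{
    struct expectation exp = { { DCC_CLIENT, DCC_PORT }, { dst_ip_mask, 0xFFFF } };
    struct tuple pkt = { dst_ip, dst_port };
    return expectation_matches(&exp, &pkt);
}

int main(void)
{
    /* Assumed broad mask (0): any internal host matches on the DCC port. */
    printf("broad, other host: %d\n", inbound_allowed(0, OTHER_HOST, DCC_PORT));
    /* Exact mask: only the host that made the offer matches. */
    printf("exact, other host: %d\n", inbound_allowed(0xFFFFFFFFu, OTHER_HOST, DCC_PORT));
    printf("exact, DCC client: %d\n", inbound_allowed(0xFFFFFFFFu, DCC_CLIENT, DCC_PORT));
    return 0;
}
```

With the exact mask the expectation admits only the connection the DCC offer described; with the broad mask the same expectation also admits traffic the offer never covered, which is why the filter ruleset determines how much exposure results.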