Programmers have found a vulnerability in Linux that could allow protective firewall software to grant malicious computer users access to protected networks. The flaw, which affects versions 2.4.14 through 2.4.18-pre9 of the Linux kernel, is in a component of the . . .

Programmers have found a vulnerability in Linux that could allow protective firewall software to grant malicious computer users access to protected networks. The flaw, which affects versions 2.4.14 through 2.4.18-pre9 of the Linux kernel, is in a component of the Netfilter firewall software. The component is involved when two computer users chat directly with each other using the Internet Relay Chat (IRC) system.

Information sent across the Internet is broken up into tiny "packets," each with "from" and "to" addresses, indicating who's sent the information and where it's intended to go. So-called firewall software transmits or screens out these packets based on the address of the sender.

Netfilter, among the new aspects of the 2.4 version of the Linux kernel, is software that runs within the kernel to filter out unwanted packets. But its IRC helper component configures firewall settings too broadly, potentially allowing communication from IP (Internet Protocol) addresses that should be blocked.

The link for this article located at News.com is no longer available.