From Net-Security.org: "A security hole was found in the earlier Linux 2.4
kernels dealing with iptables RELATED connection
tracking. The iptables ip_conntrack_ftp module, which is
used for stateful inspection of FTP traffic, does not
validate parameters passed to it in an FTP PORT command.
Due to this flaw, carefully constructed PORT commands
could open arbitrary holes in the firewall. This hole has
been fixed, as well as a number of other bugs for the 2.4
kernel shipped with Mandrake Linux 8.0."
August 29, 2001