From a Mandrake Linux advisory posted at Linux Weekly News: "A security hole was found in the earlier Linux 2.4 kernels dealing with
iptables RELATED connection tracking. The iptables ip_conntrack_ftp
module, which is used for stateful inspection of FTP traffic,
does not validate parameters passed to it in an FTP PORT command. Due
to this flaw, carefully constructed PORT commands could open arbitrary
holes in the firewall. This hole has been fixed, as well as a number
of other bugs for the 2.4 kernel shipped with Mandrake Linux 8.0."
August 28, 2001