Candidate: CVE-2006-4572
References:
URL:http://readlist.com/lists/vger.kernel.org/linux-kernel/55/275979.html
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6d381634d213580d40d431e7664dfb45f641b884
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51d8b1a65291a6956b79374b6adbbadc2263bcf6
Description:
Multiple unspecified vulnerabilities in netfilter for IPv6 code in Linux
kernel before 2.6.16.31 allow remote attackers to bypass intended restrictions
via unknown vectors, aka (1) "ip6_tables protocol bypass bug" and
(2) "ip6_tables extension header bypass bug".
Ubuntu-Description:
Mark Dowd discovered that the netfilter iptables module did not
correctly handle fragmented packets. By sending specially crafted
packets, a remote attacker could exploit this to bypass firewall
rules.
Notes:
dannf> port to 2.4.27/2.6.8 is non-trivial, ignoring for now
Bugs:
upstream: released (2.6.19)
linux-2.6: released (2.6.18.dfsg.1-9)
2.6.18-etch-security: released (2.6.18.dfsg.1-9)
2.6.8-sarge-security: ignored (2.6.8-16sarge7)
2.4.27-sarge-security: ignored (2.4.27-10sarge6)
2.6.15-dapper-security: released (2.6.15-28.51)
2.6.17-edgy-security: released (2.6.17.1-10.34)