Linux Kernel conntrack IPv6 Packet Reassembly Ruleset Bypass

2007-03-07T10:33:59
ID OSVDB:33028
Type osvdb
Reporter OSVDB
Modified 2007-03-07T10:33:59

Description

Vulnerability Description

The Linux Kernel contains a flaw that may allow a remote attacker to bypass certain netfilter rulesets. The issue is due to the 'nf_conntrack' function not copying 'nfctinfo' information, resulting in IPv6 fragments being treated as established, which could allow an attacker to bypass a ruleset that accepts established packets.

Solution Description

Upgrade to version 2.6.20.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

Short Description

The Linux Kernel contains a flaw that may allow a remote attacker to bypass certain netfilter rulesets. The issue is due to the 'nf_conntrack' function not copying 'nfctinfo' information, resulting in IPv6 fragments being treated as established, which could allow an attacker to bypass a ruleset that accepts established packets.

References:

Vendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3
Secunia Advisory ID: 24492
Secunia Advisory ID: 25961
Secunia Advisory ID: 26620
Secunia Advisory ID: 25228
Secunia Advisory ID: 25392
Related OSVDB ID: 33027
Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00005.html
Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
Other Advisory URL: http://www.ubuntu.com/usn/usn-464-1
Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1289
FrSIRT Advisory: ADV-2007-0944
CVE ID: CVE-2007-1497