7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.8%
extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP
SYN+FIN packets in --syn rules, which might allow remote attackers to
bypass intended firewall restrictions via crafted packets. NOTE: the
CVE-2012-6638 fix makes this issue less relevant.
Author | Note |
---|---|
sbeattie | This is an iptables userspace issue. A kernel CVE was also assigned as CVE-2012-6638, which has been addressed in Ubuntu kernels. |
mdeslaur | There is no available fix for this issue for iptables, and changing this would result in an unexpected change in behaviour. We will not be fixing this in Ubuntu stable releases, marking as ignored. |