CVE-2007-1497
CVE-2007-1497
nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/24492http://secunia.com/advisories/25228http://secunia.com/advisories/25288http://secunia.com/advisories/25392http://secunia.com/advisories/25961http://secunia.com/advisories/26620https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10457http://www.debian.org/security/2007/dsa-1289http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3http://www.mandriva.com/security/advisories?name=MDKSA-2007:171http://www.mandriva.com/security/advisories?name=MDKSA-2007:196http://www.novell.com/linux/security/advisories/2007_43_kernel.html