Date: Thu, 8 Nov 2012 23:15:51 +0100
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request --- acceptation of overlapping ipv6 fragments

Accepting overlapping fragmented ipv6 packets can lead to Operating
Systems (OS) fingerprinting, IDS/IPS insertion/evasion, firewall
evasion.

Do not accept such packets.

Linux kernel upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=70789d7052239992824628db8133de08dc78e593

References:
http://tools.ietf.org/rfc/rfc5722.txt
https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf

Thanks,
--
Petr Matousek / Red Hat Security Response Team
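
Added example (not part of the original post and not the Linux kernel's code): a C illustration of the RFC 5722 rule the post asks for, where a fragment that overlaps any already-queued fragment causes the whole datagram to be discarded, including fragments that arrive afterwards. The frag_queue structure, frag_add() and the sample offsets are hypothetical; treating exact duplicates as overlaps is an assumption of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_FRAGS 64

/* One queued fragment: bytes [off, off + len) of the fragmentable part. */
struct frag { uint32_t off, len; };

/* Hypothetical per-datagram queue (one per source, destination, Identification). */
struct frag_queue {
    struct frag frags[MAX_FRAGS];
    size_t n;
    bool discarded;   /* overlap seen: later fragments are dropped as well */
};

enum frag_verdict { FRAG_QUEUED, FRAG_DROP_DATAGRAM };
/* Queue a fragment, or discard the whole datagram if it overlaps queued data.
 * Assumption of this example: an exact duplicate counts as an overlap, and a
 * full queue or a wrapping range is discarded the same way. */
enum frag_verdict frag_add(struct frag_queue *q, uint32_t off, uint32_t len)
{
    if (q->discarded)
        return FRAG_DROP_DATAGRAM;
    if (off + len < off || q->n == MAX_FRAGS)
        goto discard;
    for (size_t i = 0; i < q->n; i++) {
        uint32_t start = q->frags[i].off, end = start + q->frags[i].len;
        if (off < end && start < off + len)   /* half-open ranges intersect */
            goto discard;
    }
    q->frags[q->n++] = (struct frag){ off, len };
    return FRAG_QUEUED;
discard:
    q->n = 0;             /* free everything reassembled so far */
    q->discarded = true;
    return FRAG_DROP_DATAGRAM;
}

int main(void)
{
    /* Constructed sample: the third fragment re-covers bytes 1272..1287. */
    const struct frag in[] = { {0, 1280}, {1280, 1280}, {1272, 16}, {2560, 100} };
    struct frag_queue q = {0};
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("off=%u len=%u -> %s\n", (unsigned)in[i].off, (unsigned)in[i].len,
               frag_add(&q, in[i].off, in[i].len) == FRAG_QUEUED ? "queued" : "drop datagram");
    return 0;
}
```

An IDS or firewall that reassembles traffic needs the same discard policy as the end host it protects; otherwise the two can disagree about what the reassembled datagram contains.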