Date: Wed, 14 Jan 2015 00:53:19 -0500 (EST)
From: Wade Mealing <wmealing@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org, Florian Weimer <fweimer@...hat.com>,
        Daniel Borkmann <dborkman@...hat.com>
Subject: CVE-2014-8160 Linux Kernel: SCTP firewalling fails until SCTP
 module is loaded

CVE-2014-8160 has been assigned to this issue in net/netfilter/nf_conntrack_proto_generic.c
that can allow protocols that do not have a protocol handler kernel module loaded
through the iptables firewall even if explicitly denied by rule.

For more detail see:

http://www.spinics.net/lists/netfilter-devel/msg33430.html

Wade Mealing -- Red Hat -- Product Security
