Date: Thu, 8 Nov 2012 23:15:51 +0100 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request --- acceptation of overlapping ipv6 fragments Accepting overlapping fragmented ipv6 packets can lead to Operating Systems (OS) fingerprinting, IDS/IPS insertion/evasion, firewall evasion. Do not accept such packets. Linux kernel upstream fix: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=70789d7052239992824628db8133de08dc78e593 References: http://tools.ietf.org/rfc/rfc5722.txt https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf Thanks, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.