Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 442410

Summary: Kernel : net: acceptation of overlapping ipv6 fragments (CVE-2012-4444)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [<2.6.36]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-11-09 09:56:23 UTC 
From https://bugzilla.redhat.com/show_bug.cgi?id=874835 :

Accepting overlapping fragmented ipv6 packets can lead to Operating Systems (OS) fingerprinting, 
IDS/IPS insertion/evasion, firewall evasion.
Do not accept such packets.

Linux kernel upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=70789d7052239992824628db8133de08dc78e593

References:
http://tools.ietf.org/rfc/rfc5722.txt
https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf