Vulnerability CVE-2012-2663: Information
Description
extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant.
Severity: HIGH (7.5)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
iptables | sisyphus | 1.8.3-alt1 | 1.8.10-alt1 | ALT-PU-2019-1927-1 | 229848 | Fixed |
iptables | p10 | 1.8.3-alt1 | 1.8.7-alt1 | ALT-PU-2019-1927-1 | 229848 | Fixed |
iptables | p9 | 1.8.3-alt2 | 1.8.3-alt2 | ALT-PU-2019-2827-1 | 238412 | Fixed |
iptables | c10f1 | 1.8.3-alt1 | 1.8.7-alt1 | ALT-PU-2019-1927-1 | 229848 | Fixed |
iptables | c9f2 | 1.8.3-alt2 | 1.8.3-alt2 | ALT-PU-2019-2827-1 | 238412 | Fixed |
iptables | p11 | 1.8.3-alt1 | 1.8.10-alt1 | ALT-PU-2019-1927-1 | 229848 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
[netfilter-devel] 20120330 Re: `iptables -m tcp --syn` doesn't do what the man says | |
https://bugzilla.redhat.com/show_bug.cgi?id=826702 | |