nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-03-16T22:00:00
Updated: 2024-08-07T12:59:08.540Z
Reserved: 2007-03-16T00:00:00
Link: CVE-2007-1497
Vulnrichment
No data.
NVD
Status : Modified
Published: 2007-03-16T22:19:00.000
Modified: 2017-10-11T01:31:52.860
Link: CVE-2007-1497
Redhat