Bug 874835 (CVE-2012-4444)

Summary: CVE-2012-4444 kernel: net: acceptation of overlapping ipv6 fragments
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: agordeev, anton, bhu, davej, dhoward, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, jlieskov, jneedle, john.mora, jonathan, jrusnack, jwboyer, kernel-maint, kernel-mgr, lgoncalv, lwang, madhu.chinakonda, mcressma, plougher, ppandit, robert-bugzilla, rt-maint, rvrbovsk, sforsber, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-09 17:39:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 819952, 874550, 874837, 874838    
Bug Blocks: 828852    

Description Petr Matousek 2012-11-08 22:12:04 UTC
Accepting overlapping fragmented ipv6 packets can lead to Operating Systems (OS) fingerprinting, IDS/IPS insertion/evasion, firewall evasion.
Do not accept such packets.

Linux kernel upstream fixes:



Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting this issue.

Comment 2 errata-xmlrpc 2012-12-18 22:36:40 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1580 https://rhn.redhat.com/errata/RHSA-2012-1580.html

Comment 3 errata-xmlrpc 2013-01-22 19:56:25 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0168 https://rhn.redhat.com/errata/RHSA-2013-0168.html