874835 – (CVE-2012-4444) CVE-2012-4444 kernel: net: acceptation of overlapping ipv6 fragments

Bug 874835 (CVE-2012-4444) - CVE-2012-4444 kernel: net: acceptation of overlapping ipv6 fragments

Summary: CVE-2012-4444 kernel: net: acceptation of overlapping ipv6 fragments

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-4444
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	819952 874550 874837 874838
Blocks:	828852
TreeView+	depends on / blocked

Reported:	2012-11-08 22:12 UTC by Petr Matousek
Modified:	2023-05-11 20:39 UTC (History)
CC List:	30 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-09 17:39:52 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:1580	0	normal	SHIPPED_LIVE	Moderate: kernel security, bug fix and enhancement update	2012-12-19 03:31:48 UTC
Red Hat Product Errata	RHSA-2013:0168	0	normal	SHIPPED_LIVE	Moderate: kernel security and bug fix update	2013-01-23 00:55:33 UTC

Description Petr Matousek 2012-11-08 22:12:04 UTC

Accepting overlapping fragmented ipv6 packets can lead to Operating Systems (OS) fingerprinting, IDS/IPS insertion/evasion, firewall evasion.
Do not accept such packets.

Linux kernel upstream fixes:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=70789d7052239992824628db8133de08dc78e593
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f46421416fb6b91513fb687d6503142cd99034a5

References:
http://tools.ietf.org/rfc/rfc5722.txt
https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf

Acknowledgements:

Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting this issue.

Comment 2 errata-xmlrpc 2012-12-18 22:36:40 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1580 https://rhn.redhat.com/errata/RHSA-2012-1580.html

Comment 3 errata-xmlrpc 2013-01-22 19:56:25 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0168 https://rhn.redhat.com/errata/RHSA-2013-0168.html

Note You need to log in before you can comment on or make changes to this bug.

agordeev
anton
bhu
davej
dhoward
fhrbata
gansalmon
iboverma
itamar
jforbes
jkacur
jlieskov
jneedle
john.mora
jonathan
jrusnack
jwboyer
kernel-maint
kernel-mgr
lgoncalv
lwang
madhu.chinakonda
mcressma
plougher
ppandit
robert-bugzilla
rt-maint
rvrbovsk
sforsber
williams