Accepting overlapping fragmented IPv6 packets can lead to operating system (OS) fingerprinting, IDS/IPS insertion/evasion, and firewall evasion. Do not accept such packets.

Linux kernel upstream fixes:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=70789d7052239992824628db8133de08dc78e593
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f46421416fb6b91513fb687d6503142cd99034a5

References:
http://tools.ietf.org/rfc/rfc5722.txt
https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf

Acknowledgements: Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting this issue.
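The rule the report asks for (RFC 5722: once any fragment overlaps one already held, silently discard the whole datagram, including fragments that arrive later) can be sketched as a reassembly-queue check. This is an added example, not the kernel patch linked above; `frag_queue`, `frag_queue_add`, `MAX_FRAGS` and the verdict names are hypothetical, and treating zero-length fragments and a full queue as discards is an assumption of the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_FRAGS 64   /* hypothetical per-datagram limit */

/* Hypothetical reassembly state for one (src, dst, fragment ID) tuple. */
struct frag_queue {
    struct { uint32_t start, end; } seg[MAX_FRAGS]; /* [start, end), sorted */
    size_t n;
    int dead;   /* set after an overlap: every later fragment is dropped too */
};

enum frag_verdict { FRAG_ACCEPT = 0, FRAG_DROP_DATAGRAM = -1 };

/* offset and len are in bytes (Fragment Offset field * 8, payload length). */
enum frag_verdict frag_queue_add(struct frag_queue *q, uint32_t offset, uint32_t len)
{
    uint32_t end = offset + len;
    size_t i;

    /* Assumption: malformed (empty) fragments and a full queue also discard. */
    if (q->dead || len == 0 || q->n == MAX_FRAGS)
        goto discard;

    /* First stored segment that starts at or after the new fragment. */
    for (i = 0; i < q->n && q->seg[i].start < offset; i++)
        ;

    /* Stored segments never overlap each other, so only the two neighbours
     * can overlap the new one. An exact duplicate counts as an overlap here. */
    if ((i > 0 && q->seg[i - 1].end > offset) ||
        (i < q->n && q->seg[i].start < end))
        goto discard;

    memmove(&q->seg[i + 1], &q->seg[i], (q->n - i) * sizeof(q->seg[0]));
    q->seg[i].start = offset;
    q->seg[i].end = end;
    q->n++;
    return FRAG_ACCEPT;

discard:
    q->n = 0;       /* release what was collected so far */
    q->dead = 1;    /* remember the verdict for late fragments */
    return FRAG_DROP_DATAGRAM;
}
```

Keeping the `dead` flag until the reassembly timer expires is what prevents a late fragment from starting a fresh queue for the same datagram.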
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2012:1580 https://rhn.redhat.com/errata/RHSA-2012-1580.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2013:0168 https://rhn.redhat.com/errata/RHSA-2013-0168.html