Commits
Vasily Tarasov authored and Pavel Emelianov committed 540a52a6916
[PATCH] netfilter: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHED From: Patrick McHardy <kaber@trash.net> The individual fragments of a packet reassembled by conntrack have the conntrack reference from the reassembled packet attached, but nfctinfo is not copied. This leaves it initialized to 0, which unfortunately is the value of IP_CT_ESTABLISHED. The result is that all IPv6 fragments are tracked as ESTABLISHED, allowing them to bypass a usual ruleset which accepts ESTABLISHED packets early. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd63006b8fb5abf2336e145632610c6175a28fea CVE-2007-1497 http://bugzilla.openvz.org/show_bug.cgi?id=612