Published: 07/11/2006 Updated: 13/02/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

ip6_tables in netfilter in the Linux kernel prior to 2.6.16.31 allows remote malicious users to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.11
linux linux kernel 2.6.4
linux linux kernel 2.6.16.16
linux linux kernel 2.6.16.9
linux linux kernel 2.6.12
linux linux kernel 2.6.14
linux linux kernel 2.6.11.2
linux linux kernel 2.6.5
linux linux kernel 2.6.15.3
linux linux kernel 2.6.11.10
linux linux kernel 2.6.10
linux linux kernel 2.6.13
linux linux kernel 2.6.1
linux linux kernel 2.6.16.6
linux linux kernel 2.6.16.8
linux linux kernel 2.6.16
linux linux kernel 2.6.7
linux linux kernel 2.6.14.7
linux linux kernel 2.6.3
linux linux kernel 2.6.15
linux linux kernel 2.6.13.3
linux linux kernel 2.6.11.8
linux linux kernel 2.6.14.4
linux linux kernel 2.6.16.18
linux linux kernel 2.6.14.3
linux linux kernel 2.6.11.6
linux linux kernel 2.6.11.11
linux linux kernel 2.6.16.13
linux linux kernel 2.6.9
linux linux kernel 2.6.16.4
linux linux kernel 2.6.16.15
linux linux kernel 2.6.15.6
linux linux kernel 2.6.15.1
linux linux kernel 2.6.11.5
linux linux kernel 2.6.16.1
linux linux kernel 2.6.8
linux linux kernel 2.6.2
linux linux kernel 2.6.6
linux linux kernel 2.6.14.5
linux linux kernel 2.6.13.2
linux linux kernel 2.6.13.5
linux linux kernel 2.6.16.11
linux linux kernel 2.6.16.14
linux linux kernel 2.6.16.25
linux linux kernel 2.6.16.21
linux linux kernel 2.6.16.28
linux linux kernel 2.6.14.1
linux linux kernel 2.6.16.23
linux linux kernel 2.6.12.5
linux linux kernel 2.6.15.7
linux linux kernel 2.6.16.3
linux linux kernel 2.6.14.6
linux linux kernel 2.6.12.1
linux linux kernel 2.6.11.9
linux linux kernel 2.6.0
linux linux kernel 2.6.13.4
linux linux kernel 2.6.12.2
linux linux kernel 2.6.16.26
linux linux kernel 2.6.16.29
linux linux kernel 2.6.15.2
linux linux kernel 2.6.16.22
linux linux kernel 2.6.16.10
linux linux kernel 2.6.12.4
linux linux kernel 2.6.11.3
linux linux kernel 2.6.16.24
linux linux kernel 2.6.12.3
linux linux kernel 2.6.15.4
linux linux kernel 2.6.16.17
linux linux kernel 2.6.16.12
linux linux kernel 2.6.16.27
linux linux kernel 2.6.12.6
linux linux kernel 2.6.11.7
linux linux kernel 2.6.16.2
linux linux kernel 2.6.14.2
linux linux kernel 2.6.16.7
linux linux kernel 2.6.8.1
linux linux kernel 2.6.16.5
linux linux kernel 2.6.11.4
linux linux kernel
linux linux kernel 2.6.16.19
linux linux kernel 2.6.11.12
linux linux kernel 2.6.16.20
linux linux kernel 2.6.15.5
linux linux kernel 2.6.11.1
linux linux kernel 2.6.13.1

Mark Dowd discovered that the netfilter iptables module did not correcly handle fragmented IPv6 packets By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules This has has already been fixed for Ubuntu 610 in USN-395-1; this is the corresponding fix for Ubuntu 606(CVE-2006-4572) ...

Mark Dowd discovered that the netfilter iptables module did not correcly handle fragmented packets By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules This has only be fixed for Ubuntu 610; the corresponding fix for Ubuntu 510 and 606 will follow soon (CVE-2006-4572) ...

CWE-264 http://readlist.com/lists/vger.kernel.org/linux-kernel/55/275979.html http://secunia.com/advisories/22731 http://secunia.com/advisories/22762 http://www.securityfocus.com/bid/20955 http://www.kernel.org/git/?p=linux%2Fkernel%2Fgit%2Fstable%2Flinux-2.6.16.y.git&a=search&s=CVE-2006-4572 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.31 http://www.ubuntu.com/usn/usn-395-1 http://secunia.com/advisories/23384 http://www.novell.com/linux/security/advisories/2006_79_kernel.html http://www.ubuntu.com/usn/usn-416-1 http://secunia.com/advisories/24098 http://www.securityfocus.com/archive/1/471457 http://www.mandriva.com/security/advisories?name=MDKSA-2006:197 http://secunia.com/advisories/25691 http://secunia.com/advisories/23474 http://www.vupen.com/english/advisories/2006/4386 http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git%3Ba=commit%3Bh=0ddfcc96928145d6a6425fdd26dad6abfe7f891d http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git%3Ba=commit%3Bh=6ac62be885810e1f8390f0c3b9d3ee451d3d3f19 https://nvd.nist.gov https://usn.ubuntu.com/416-1/

CVE-2006-4572

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect