nf_conntrack in netfilter in the Linux kernel prior to 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote malicious users to bypass certain rulesets using IPv6 fragments.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |