CVE-2007-1497

Publication date 16 March 2007

Last updated 24 July 2024


Ubuntu priority

nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.

Status

Package Ubuntu Release Status
linux-source-2.6.15 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper
Fixed 2.6.15-29.58
linux-source-2.6.17 7.04 feisty Not in release
6.10 edgy
Fixed 2.6.17.1-12.40
6.06 LTS dapper Not in release
linux-source-2.6.20 7.04 feisty
Not affected
6.10 edgy Not in release
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-464-1
    • Linux kernel vulnerabilities
    • 24 May 2007

Other references