Searching netfilter software vulnerabilities

The MAC module in Netfilter in Linux kernel 2.4

Netfilter | kernel | module | Linux | MAC |

The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.


The connection tracking core of Netfilter for L

connection | Netfilter | tracking | Linux | core |

The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts.


The route cache implementation in Linux 2.4, an

implementation | Netfilter | conntrack | attackers | service | remote | denial | allows | module | cache | route | Linux | cause |

The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.


Unknown vulnerability in ip_nat_sack_adjust of

ip_nat_sack_adjust | vulnerability | Netfilter | kernels | Unknown | Linux |

Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error.


The tcp_find_option function of the netfilter s

tcp_find_option | subsystem | netfilter | function | Linux | SUSE | IPv6 |

The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626.


The tcp_find_option function of the netfilter s

tcp_find_option | subsystem | netfilter | attackers | iptables | function | service | options | allows | remote | kernel | denial | cause | using | Linux | rules | TCP |

The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.


Netfilter in the Linux kernel 2.6.8.1 allows lo

Netfilter | kernel | Linux |

Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice.


The netfilter/iptables module in Linux before 2

netfilter/iptables | before | module | Linux |

The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.


The ipt_recent kernel module (ipt_recent.c) in

ipt_recent | module | kernel |

The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872.


Race condition in ebtables netfilter module (eb

condition | netfilter | ebtables | module | Race |

Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked.


ip_nat_pptp in the PPTP NAT helper (netfilter/i

ip_nat_pptp | helper | PPTP | NAT |

ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation.


Integer overflow in the do_replace function in

"virtualization | copy_from_user | CAP_NET_ADMIN | solutions" | do_replace | netfilter | overflow | function | 2616-rc3 | Integer | allows | buffer | rights | before | OpenVZ | using | cause | local | users | Linux | such |

Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.


Race condition in the do_add_counters function

do_add_counters | condition | netfilter | function | kernel | Linux | Race |

Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.


The SCTP-netfilter code in Linux kernel before

SCTP-netfilter | kernel | before | Linux | code |

The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function.


SCTP conntrack (ip_conntrack_proto_sctp.c) in n

conntrack | SCTP |

SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.


xt_sctp in netfilter for Linux kernel before 2.

netfilter | xt_sctp | kernel | before | Linux |

xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.


nfnetlink_log in netfilter in the Linux kernel

nfnetlink_log | netfilter | kernel | before | Linux |

nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.


nf_conntrack in netfilter in the Linux kernel b

nf_conntrack | netfilter | kernel | before | Linux |

nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.


The sctp_new function in (1) ip_conntrack_proto

function | sctp_new |

The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.


The decode_choice function in net/netfilter/nf_

net/netfilter/nf_conntrack_h323_asn1c | decode_choice | function | kernel | before | Linux |

The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.


Software vulnerabilities results 1 to 20 of 23     
Page: 12