First published: Wed Jan 14 2015(Updated: )
It was reported [1] that iptables can allow protocols that do not have a protocol handler kernel module loaded. Given following iptables ruleset: -P FORWARD DROP -A FORWARD -m sctp --dport 9 -j ACCEPT -A FORWARD -p tcp --dport 80 -j ACCEPT -A FORWARD -p tcp -m conntrack -m state ESTABLISHED,RELATED -j ACCEPT One would assume that this allows SCTP on port 9 and TCP on port 80. Unfortunately, if the SCTP conntrack module is not loaded, this allows *all* SCTP communication to pass through, i.e. -p sctp -j ACCEPT [1]: <a href="http://www.spinics.net/lists/netfilter-devel/msg33430.html">http://www.spinics.net/lists/netfilter-devel/msg33430.html</a>
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <3.18 | |
openSUSE openSUSE | =13.1 | |
SUSE Linux Enterprise Desktop | =12 | |
Suse Linux Enterprise Real Time Extension | =11-sp3 | |
SUSE Linux Enterprise Server | =11-sp1 | |
SUSE Linux Enterprise Server | =12 | |
SUSE Linux Enterprise Software Development Kit | =12 | |
Suse Linux Enterprise Workstation Extension | =12 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =6.5 | |
Redhat Enterprise Linux Server Aus | =6.6 | |
Redhat Enterprise Linux Server Aus | =7.3 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Eus | =6.5 | |
Redhat Enterprise Linux Server Eus | =6.6 | |
Redhat Enterprise Linux Server Eus | =7.3 | |
Redhat Enterprise Linux Server Eus | =7.4 | |
Redhat Enterprise Linux Server Eus | =7.5 | |
Redhat Enterprise Linux Server Eus | =7.6 | |
Redhat Enterprise Linux Server Eus | =7.7 | |
Redhat Enterprise Linux Server Tus | =6.5 | |
Redhat Enterprise Linux Server Tus | =6.6 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.7 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.