The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of netfilter

Linux kernel: memory corruption via IPT_SO_SET_REPLACE
A local attacker with CONFIG_USER_NS can generate a memory corruption via the IPT_SO_SET_REPLACE option of the Linux kernel, in order to trigger a denial of service, and possibly to run code...
CERTFR-2016-AVI-099, CERTFR-2016-AVI-267, CERTFR-2016-AVI-278, CVE-2016-3134, CVE-2016-3135, DLA-516-1, DSA-3607-1, FEDORA-2016-02ed08bf15, FEDORA-2016-3a57b19360, openSUSE-SU-2016:1641-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2649-1, RHSA-2016:1847-01, RHSA-2016:1875-01, RHSA-2016:1883-01, SUSE-SU-2016:1672-1, SUSE-SU-2016:1690-1, SUSE-SU-2016:1696-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2074-1, SUSE-SU-2016:2245-1, USN-2929-1, USN-2929-2, USN-2930-1, USN-2930-2, USN-2930-3, USN-2931-1, USN-2932-1, USN-3049-1, USN-3050-1, USN-3051-1, USN-3052-1, USN-3053-1, USN-3054-1, USN-3055-1, USN-3056-1, USN-3057-1, VIGILANCE-VUL-19150
Linux kernel: denial of service via Conntrack DCCP SCTP ICMPv6
An attacker can send DCCP, SCTP or ICMPv6 packets to the Linux kernel, in order to trigger a denial of service...
910, CVE-2015-6496, DSA-3341-1, FEDORA-2015-1aee5e6f0b, FEDORA-2015-5eb2131441, openSUSE-SU-2015:1688-1, VIGILANCE-VUL-17691
Linux kernel: denial of service via Netfilter Conntrack Ext
An attacker can send some packets requiring a complex analysis by Netfilter Conntrack, in order to trigger a denial of service of the Linux kernel...
CERTFR-2015-AVI-236, CERTFR-2015-AVI-328, CVE-2014-9715, DSA-3237-1, openSUSE-SU-2016:0301-1, RHSA-2015:1534-01, RHSA-2015:1564-01, RHSA-2015:1565-01, USN-2611-1, USN-2612-1, USN-2613-1, USN-2614-1, VIGILANCE-VUL-16553
Linux kernel: denial of service via nft_flush_table
A local privileged attacker can force an error in the nft_flush_table() function of the Linux kernel, in order to trigger a denial of service...
1190966, CERTFR-2015-AVI-263, CVE-2015-1573, RHSA-2015:1137-01, RHSA-2015:1138-01, RHSA-2015:1139-01, VIGILANCE-VUL-16138
Linux kernel: bypassing SCTP Firewall rules
When the Conntrack module was not loaded, an attacker can bypass SCTP rules of the Linux kernel firewall...
CERTFR-2015-AVI-081, CERTFR-2015-AVI-085, CERTFR-2015-AVI-093, CERTFR-2015-AVI-165, CVE-2014-8160, DSA-3170-1, MDVSA-2015:057, MDVSA-2015:058, openSUSE-SU-2015:0713-1, openSUSE-SU-2015:0714-1, RHSA-2015:0284-03, RHSA-2015:0290-01, RHSA-2015:0674-01, SUSE-SU-2015:0529-1, SUSE-SU-2015:0581-1, SUSE-SU-2015:0652-1, SUSE-SU-2015:0736-1, USN-2513-1, USN-2514-1, USN-2515-1, USN-2515-2, USN-2516-1, USN-2516-2, USN-2516-3, USN-2517-1, USN-2518-1, VIGILANCE-VUL-15960
Linux kernel: information disclosure via nf_nat_irc
An attacker, who communicates via IRC, can obtain fragments of the Linux kernel, in order to obtain sensitive information...
BID-65180, CERTFR-2014-AVI-107, CVE-2014-0025-REJECT, CVE-2014-1690, openSUSE-SU-2014:0677-1, openSUSE-SU-2014:0678-1, RHSA-2014:0439-01, USN-2137-1, USN-2140-1, USN-2158-1, VIGILANCE-VUL-14146
Linux kernel: altering ebtables
When Linux is used in Bridge mode, with an ebtables mode, a local attacker can modify rules...
BID-37762, CERTA-2002-AVI-252, CERTA-2010-AVI-080, CVE-2010-0007, DSA-1996-1, DSA-2003-1, DSA-2004-1, FEDORA-2010-0919, MDVSA-2011:051, RHSA-2010:0146-01, RHSA-2010:0147-01, RHSA-2010:0161-01, SOL16473, SUSE-SA:2010:007, SUSE-SA:2010:010, SUSE-SA:2010:012, SUSE-SA:2010:013, SUSE-SA:2010:014, SUSE-SU-2011:0928-1, VIGILANCE-VUL-9345, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2
Linux kernel: denial of service of nf_conntrack_h323
An attacker can use malicious H.323 packets in order to generate a denial of service in Netfilter...
BID-24818, CVE-2007-3642, DSA-1356-1, FEDORA-2007-1130, FEDORA-2007-655, MDKSA-2007:195, VIGILANCE-VUL-6974
Linux kernel: denials of service of nfnetlink_log
An attacker can generate four denials of service via nfnetlink_log() function...
BID-22946, CERTA-2002-AVI-088, CVE-2007-1496, DSA-1289-1, MDKSA-2007:171, RHSA-2007:0347-01, SUSE-SA:2007:043, VIGILANCE-VUL-6813
IPv6: vulnerabilities of IPv6 Routing Header
An attacker can send IPv6 packets in order to generate a denial of service or to obtain information...
BID-23615, CERTA-2007-AVI-389, CVE-2007-2242, FEDORA-2007-482, FEDORA-2007-483, FreeBSD-SA-07:03.ipv6, MDKSA-2007:171, MDKSA-2007:196, MDKSA-2007:216, NetBSD-SA2007-005, RHSA-2007:0347-01, SUSE-SA:2007:051, SUSE-SA:2008:006, VIGILANCE-VUL-6761, VU#267289
Our database contains other pages. You can request a free trial to read them.

Display information about netfilter: