CVE - CVE-2006-4572

CVE-ID
CVE-2006-4572	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20070615 rPSA-2007-0124-1 kernel xen URL:http://www.securityfocus.com/archive/1/471457 MISC:20955 URL:http://www.securityfocus.com/bid/20955 MISC:22731 URL:http://secunia.com/advisories/22731 MISC:22762 URL:http://secunia.com/advisories/22762 MISC:23384 URL:http://secunia.com/advisories/23384 MISC:23474 URL:http://secunia.com/advisories/23474 MISC:24098 URL:http://secunia.com/advisories/24098 MISC:25691 URL:http://secunia.com/advisories/25691 MISC:ADV-2006-4386 URL:~~http://www.vupen.com/english/advisories/2006/4386~~ (Obsolete source) MISC:MDKSA-2006:197 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:197~~ (Obsolete source) MISC:SUSE-SA:2006:079 URL:http://www.novell.com/linux/security/advisories/2006_79_kernel.html MISC:USN-395-1 URL:http://www.ubuntu.com/usn/usn-395-1 MISC:USN-416-1 URL:http://www.ubuntu.com/usn/usn-416-1 MISC:[linux-kernel] 20061105 Linux 2.6.16.31-rc1 URL:http://readlist.com/lists/vger.kernel.org/linux-kernel/55/275979.html MISC:http://www.kernel.org/git/?p=linux%2Fkernel%2Fgit%2Fstable%2Flinux-2.6.16.y.git&a=search&s=CVE-2006-4572 URL:http://www.kernel.org/git/?p=linux%2Fkernel%2Fgit%2Fstable%2Flinux-2.6.16.y.git&a=search&s=CVE-2006-4572 MISC:http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git%3Ba=commit%3Bh=0ddfcc96928145d6a6425fdd26dad6abfe7f891d URL:http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git%3Ba=commit%3Bh=0ddfcc96928145d6a6425fdd26dad6abfe7f891d MISC:http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git%3Ba=commit%3Bh=6ac62be885810e1f8390f0c3b9d3ee451d3d3f19 URL:http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git%3Ba=commit%3Bh=6ac62be885810e1f8390f0c3b9d3ee451d3d3f19 MISC:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.31 URL:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.31
Assigning CNA
Red Hat, Inc.
Date Record Created
20060906	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060906)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE™ List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2025, The MITRE Corporation. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation.