Bugzilla – Bug 765488
VUL-1: CVE-2012-2663: iptables: -m tcp --syn behaves unexpectedly
Last modified: 2019-04-11 22:46:21 UTC
(We have split this into two dedicated bugs for better tracking purposes.) Initially the issue was reported as being a kernel DoS (bnc#765102); this can also lead to certain iptables rules getting bypassed. Detailed explanation available at: http://www.spinics.net/lists/netfilter-devel/msg21248.html
bugbot adjusting priority
The CVE is used here... CVE-2012-2663
Reading the thread above, they came to the conclusion that it's not worth fixing: http://www.spinics.net/lists/netfilter-devel/msg21259.html The upstream didn't fix this, nor did Debian or Red Hat. Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675445 Do we want the patch from http://www.spinics.net/lists/netfilter-devel/msg21245.html ?
But it's already fixed via bnc#765102? The above CVE is mentioned there.
Ok. As long as our kernels drop the SYN/FIN packets, we don't have to care about the iptables part. You can close the bug.
closing