CVE-2006-4572

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.16.31

Description The issue allows remote attackers to bypass rules in ip6 tables in netfilter. This can be achieved in two ways: (1) by sending a packet with the protocol header not located immediately after the fragment header, thus bypassing a rule that disallows a protocol, and (2) by sending a packet with an extension header outside the first fragment, allowing the bypass of a rule that looks for a certain extension header.

Recommendations For Linux kernel versions prior to 2.6.16.31, update to version 2.6.16.31 or later to resolve the issue.