CVE-2012-2663

Name of the Vulnerable Software and Affected Versions iptables versions through 1.4.21

Description The issue is related to insufficient input validation in the extensions/libxt tcp.c component of the iptables interface, which could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted packet. The vulnerability might allow remote attackers to bypass intended firewall restrictions via crafted TCP SYN+FIN packets in --syn rules.

Recommendations For versions through 1.4.21, consider updating to a version that includes the fix for this issue, as the CVE-2012-6638 fix makes this issue less relevant. As a temporary workaround, consider restricting the use of the --syn rule to minimize the risk of exploitation.