CVE-2012-2663
https://notcve.org/view.php?id=CVE-2012-2663
extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant. extensions/libxt_tcp.c en iptables hasta 1.4.21 no hace conincidir paquetes TCP SYN+FIN en reglas --syn, lo que podría permitir a atacantes remotos evadir las restricciones de firewall a través de paquetes manipulados. NOTA: la solución de CVE-2012-6638 hace que este problema sea menos relevante. • http://www.spinics.net/lists/netfilter-devel/msg21248.html https://bugzilla.redhat.com/show_bug.cgi?id=826702 •
CVE-2001-1387
https://notcve.org/view.php?id=CVE-2001-1387
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50500 http://rhn.redhat.com/errata/RHSA-2001-144.html • CWE-203: Observable Discrepancy •
CVE-2001-1388
https://notcve.org/view.php?id=CVE-2001-1388
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=53325 http://rhn.redhat.com/errata/RHSA-2001-144.html • CWE-770: Allocation of Resources Without Limits or Throttling •