IPTABLES: dangerous vulnerability (CVE-2014-2523) DCCP

The vulnerable code was present in Linux from version 2.6.26 (July 2008) through 3.13 inclusive. Although the fix was made in early January 2014 (and included in Linux 3.14-rc1), the problem was reported as a vulnerability only on Monday. The release of patches for popular distributions can be tracked on the following pages: Fedora / RHEL, SuSE, Debian, Ubuntu.

iptables -t raw -I PREROUTING -p dccp -j NOTRACK
iptables -t raw -I OUTPUT -p dccp -j NOTRACK

or

blacklist dccp
blacklist nf_conntrack_dccp
blacklist xt_dccp 

or

find /lib/modules -iname \*dccp\* -delete 
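
To decide whether a host needs one of the commands above, this added example (not part of the original page) compares a kernel release string with the upstream range given above and lists loaded modules whose name contains "dccp". The function names and the sample module list are constructed for illustration. Distributions backport fixes, so an in-range result means the vendor advisory still has to be checked.

```sh
# Added example, not from the original page. Triage a host against the upstream
# range the page gives for CVE-2014-2523: Linux 2.6.26 through 3.13 inclusive.
# Assumption: "in range" means "check the vendor advisory", not "confirmed vulnerable".

# "3.13.0-24-generic" -> 3013000 (major*1000000 + minor*1000 + patch)
kver_to_int() (
    v=${1%%[-+_]*}                      # drop distro suffix (-24-generic, -431.el6 ...)
    IFS=. read -r a b c _ <<EOF
$v
EOF
    a=${a%%[!0-9]*}; b=${b%%[!0-9]*}; c=${c%%[!0-9]*}
    echo $(( ${a:-0} * 1000000 + ${b:-0} * 1000 + ${c:-0} ))
)

# Exit 0 if the release string falls in 2.6.26 <= v < 3.14.
in_affected_range() {
    n=$(kver_to_int "$1")
    [ "$n" -ge 2006026 ] && [ "$n" -lt 3014000 ]
}

# Print loaded modules whose name contains "dccp" (same match as the page's find).
# $1 is a file in /proc/modules format.
loaded_dccp_modules() {
    awk '$1 ~ /dccp/ { print $1 }' "$1"
}

# One-line verdict for a kernel release ($1) and a modules file ($2).
triage() {
    in_affected_range "$1" || { echo "outside upstream affected range"; return 0; }
    mods=$(loaded_dccp_modules "$2" | tr '\n' ' ')
    if [ -n "$mods" ]; then echo "in range, DCCP modules loaded: ${mods% }"
    else echo "in range, no DCCP module loaded"; fi
}

# Constructed sample in /proc/modules format (not captured from a real host).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
xt_dccp 12345 1 - Live 0x0000000000000000
dccp 70000 0 - Live 0x0000000000000000
nf_conntrack 98765 2 - Live 0x0000000000000000
EOF
triage 3.13.0-24-generic "$SAMPLE"
triage 3.14.0 "$SAMPLE"
# On a live host: triage "$(uname -r)" /proc/modules
```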