Re: [libvirt] [PATCH] CVE-2010-2242 Apply a source port mapping to virtual network masquerading

On Mon, Jul 12, 2010 at 09:19:33AM -0400, Daniel P. Berrange wrote: > For > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2242 > > IPtables will seek to preserve the source port unchanged when > doing masquerading, if possible. NFS has a pseudo-security > option where it checks for the

[libvirt] [PATCH] CVE-2010-2242 Apply a source port mapping to virtual network masquerading

For https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2242 IPtables will seek to preserve the source port unchanged when doing masquerading, if possible. NFS has a pseudo-security option where it checks for the source port <= 1023 before allowing a mount request. If an admin has used this to