CVE-2008-2826

Priority
Medium
Description
Integer overflow in the sctp_getsockopt_local_addrs_old function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
functionality in the Linux kernel before 2.6.25.9 allows local users to
cause a denial of service (resource consumption and system outage) via
vectors involving a large addr_num field in an sctp_getaddrs_old data
structure.
Ubuntu-Description
Gabriel Campana discovered that SCTP routines did not correctly check
for large addresses. A local user could exploit this to allocate all
available memory, leading to a denial of service.
References
Notes
kees> linux-2.6: 735ce972fbc8a65fb17788debd7bbe7b4383cc62
kees> was reported at one point as CVE-2008-2372
Assigned-to
kees
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.24-19.36)

Updated: 2012-06-01 15:18:53 UTC (commit 5347)