CVE-2008-2826

Priority
Medium
Description
Integer overflow in the sctp_getsockopt_local_addrs_old function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
functionality in the Linux kernel before 2.6.25.9 allows local users to
cause a denial of service (resource consumption and system outage) via
vectors involving a large addr_num field in an sctp_getaddrs_old data
structure.
Ubuntu-Description
Gabriel Campana discovered that SCTP routines did not correctly check
for large addresses. A local user could exploit this to allocate all
available memory, leading to a denial of service.
Notes
 kees> linux-2.6: 735ce972fbc8a65fb17788debd7bbe7b4383cc62
 kees> was reported at one point as CVE-2008-2372
Assigned-to
kees
Package
Upstream:needed
Package
Source: linux (LP Ubuntu Debian)
Upstream:released

Updated: 2015-07-29 20:32:56 UTC (commit 9756)