CVE-2008-4445

Priority
Low
Description
The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux kernel
before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify
that the identifier index is within the bounds established by
SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive
information via a crafted SCTP_HMAC_IDENT IOCTL request involving the
sctp_getsockopt function, a different vulnerability than CVE-2008-4113.
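
The missing check described above, as an added user-space model (not the kernel's code and not the linked patch): every identifier in a caller-supplied list is compared against SCTP_AUTH_HMAC_ID_MAX before it is used as a table index. The table contents, the numeric values of the constants, the SHA-1 requirement and the name validate_hmac_idents are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Values assumed for this model; only the name SCTP_AUTH_HMAC_ID_MAX
 * comes from the advisory text. */
#define SCTP_AUTH_HMAC_ID_SHA1 1
#define SCTP_AUTH_HMAC_ID_MAX  3

struct hmac_entry { const char *hmac_name; };

/* Constructed lookup table with SCTP_AUTH_HMAC_ID_MAX + 1 slots.
 * Slots without a name stand for reserved or unsupported identifiers. */
static const struct hmac_entry hmac_list[SCTP_AUTH_HMAC_ID_MAX + 1] = {
    [1] = { "sha1" },
    [3] = { "sha256" },
};

/* Hypothetical helper: validate an identifier list supplied by an
 * unprivileged caller. Returns 0 if acceptable, a negative errno if not. */
int validate_hmac_idents(const uint16_t *idents, size_t n)
{
    int has_sha1 = 0;

    if (idents == NULL || n == 0)
        return -EINVAL;

    for (size_t i = 0; i < n; i++) {
        uint16_t id = idents[i];

        /* The bounds check must come before any use of id as an index.
         * Without it, hmac_list[id] reads memory past the end of the
         * table, which is the information exposure the entry describes. */
        if (id > SCTP_AUTH_HMAC_ID_MAX)
            return -EOPNOTSUPP;

        /* In range, but no algorithm is registered for this slot. */
        if (hmac_list[id].hmac_name == NULL)
            return -EOPNOTSUPP;

        if (id == SCTP_AUTH_HMAC_ID_SHA1)
            has_sha1 = 1;
    }

    /* Policy assumed for this model: the list must include SHA-1. */
    return has_sha1 ? 0 : -EINVAL;
}
```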
References
Notes
kees> The linked patch fixes this and CVE-2008-4113
Assigned-to
smb_tp
Package
Upstream:not-affected (code not present)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.27)
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.24-21.43)
Updated: 2012-06-01 15:19:08 UTC (commit 5347)