CVE-2008-4576

Priority
Low
Description
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a
denial of service (OOPS) via an INIT-ACK that states the peer does not
support AUTH, which causes the sctp_process_init function to clean up
active transports and triggers the OOPS when the T1-Init timer expires.
Ubuntu-Description
It was discovered that the SCTP stack did not correctly handle INIT-ACK.
A remote user could exploit this by sending specially crafted SCTP
traffic which would trigger a crash in the system, leading to a denial
of service. This issue did not affect Ubuntu 8.10.
References
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.27)
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.24-22.45)
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=add52379dde2e5300e2d574b172e62c6cf43b3d3
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:19:09 UTC (commit 5347)