sctp in Linux kernel before 126.96.36.199 allows remote attackers to cause a
denial of service (OOPS) via an INIT-ACK that states the peer does not
support AUTH, which causes the sctp_process_init function to clean up
active transports and triggers the OOPS when the T1-Init timer expires.
It was discovered that the SCTP stack did not correctly handle INIT-ACK.
A remote user could exploit this by sending specially crafted SCTP
traffic which would trigger a crash in the system, leading to a denial
of service. This issue did not affect Ubuntu 8.10.
Updated: 2015-10-17 03:30:53 UTC (commit 10086)