sctp in Linux kernel before 188.8.131.52 allows remote attackers to cause a
denial of service (OOPS) via an INIT-ACK that states the peer does not
support AUTH, which causes the sctp_process_init function to clean up
active transports and triggers the OOPS when the T1-Init timer expires.
It was discovered that the SCTP stack did not correctly handle INIT-ACK.
A remote user could exploit this by sending specially crafted SCTP
traffic which would trigger a crash in the system, leading to a denial
of service. This issue did not affect Ubuntu 8.10.
Updated: 2015-07-29 20:33:45 UTC (commit 9756)