sctp in Linux kernel before 22.214.171.124 allows remote attackers to cause a
denial of service (OOPS) via an INIT-ACK that states the peer does not
support AUTH, which causes the sctp_process_init function to clean up
active transports and triggers the OOPS when the T1-Init timer expires.
It was discovered that the SCTP stack did not correctly handle INIT-ACK.
A remote user could exploit this by sending specially crafted SCTP
traffic which would trigger a crash in the system, leading to a denial
of service. This issue did not affect Ubuntu 8.10.
Updated: 2016-01-26 17:31:54 UTC (commit 10507)