Candidate: CVE-2008-4576
PublicDate: 2008-10-15 20:07:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4576
 https://ubuntu.com/security/notices/USN-679-1
Description:
 sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a
 denial of service (OOPS) via an INIT-ACK that states the peer does not
 support AUTH, which causes the sctp_process_init function to clean up
 active transports and triggers the OOPS when the T1-Init timer expires.
Ubuntu-Description:
 It was discovered that the SCTP stack did not correctly handle INIT-ACK.
 A remote user could exploit this by sending specially crafted SCTP
 traffic which would trigger a crash in the system, leading to a denial
 of service.  This issue did not affect Ubuntu 8.10.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.27~rc7)
dapper_linux-source-2.6.15: released (2.6.15-53.74)
gutsy_linux-source-2.6.15: DNE
hardy_linux-source-2.6.15: DNE
intrepid_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux-source-2.6.22:
upstream_linux-source-2.6.22: released (2.6.27~rc7)
dapper_linux-source-2.6.22: DNE
gutsy_linux-source-2.6.22: released (2.6.22-16.60)
hardy_linux-source-2.6.22: DNE
intrepid_linux-source-2.6.22: DNE
devel_linux-source-2.6.22: DNE

Patches_linux:
 upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=add52379dde2e5300e2d574b172e62c6cf43b3d3
upstream_linux: released (2.6.27~rc7)
dapper_linux: DNE
gutsy_linux: DNE
hardy_linux: released (2.6.24-22.45)
intrepid_linux: not-affected
devel_linux: not-affected