CVE-2008-4445

Priority
Description
The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux kernel
before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify
that the identifier index is within the bounds established by
SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive
information via a crafted SCTP_HMAC_IDENT IOCTL request involving the
sctp_getsockopt function, a different vulnerability than CVE-2008-4113.
Assigned-to
smb_tp
Notes
keesThe linked patch fixes this and CVE-2008-4113
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.27)
Package
Upstream:not-affected (code not present)
Package
Upstream:not-affected (code not present)
Package
Upstream:not-affected (code not present)
More Information

Updated: 2020-09-10 00:48:18 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)