CVE-2008-4576

Priority
Description
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a
denial of service (OOPS) via an INIT-ACK that states the peer does not
support AUTH, which causes the sctp_process_init function to clean up
active transports and triggers the OOPS when the T1-Init timer expires.
Ubuntu-Description
It was discovered that the SCTP stack did not correctly handle INIT-ACK.
A remote user could exploit this by sending specially crafted SCTP
traffic which would trigger a crash in the system, leading to a denial
of service. This issue did not affect Ubuntu 8.10.
Notes
Package
Upstream:released (2.6.27~rc7)
Package
Upstream:released (2.6.27~rc7)
More Information

Updated: 2020-01-29 19:33:17 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)