CVE-2008-3792
Published: 3 September 2008
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.
From the Ubuntu Security Team
It was discovered that SCTP did not correctly validate its userspace arguments. A local attacker could call certain sctp_* functions with malicious options and cause a system crash, leading to a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Not vulnerable
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
feisty |
Not vulnerable
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
|
|
hardy |
Does not exist
|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Released
(2.6.24-21.43)
|