Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An incorrect use of state table entries in the SCTP code when certain ECNE chunks are received in CLOSED state can be exploited to cause kernel panic via a specially crafted packet.

2) An error in the handling of incoming IP-fragmented SCTP control chunks can be exploited to cause kernel panic via fragmented COOKIE_ECHO and HEARTBEAT chunks.

3) An infinite recursion error in the "sctp_skb_pull()" function of lksctp can be exploited to crash the system during message reassembly via a specially crafted packet that contains two or more DATA fragments of a message.

4) An deadlock error within the handling of the receive buffer in SCTP can be exploited to cause a DoS via a large number of small messages sent to a receiver application that causes it to run of receive buffer space.

The vulnerabilities have been reported in version 2.6.16. Other versions may also be affected.

Solution
Update to version 2.6.16.15.
Further details available to Secunia VIM customers

Provided and/or discovered by
1-2) Mu Security research team
3-4) Reported by vendor.

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://labs.musecurity.com/advisories/MU-200605-01.txt

Kernel.org:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.15
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=cb19baa0bb7a4064e6d0c99e8f479673120a9f28
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=40885c13b394cd1b74acc196f1d7990a3e0a484d
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=25958c671804a3829d822fc3ccc3eff534b1aaa0
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=2e2a2cd09dd7b3fbc99a1879a54090fd6db16f0c

Deep Links
Links available to Secunia VIM customers