|
|
CVE Reference: CVE-2008-3526 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3526 |
|
|
Description: Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/44723 UBUNTU http://www.ubuntu.com/usn/usn-659-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html SAID Secunia Advisory: SA31881 Secunia Advisory: SA32190 Secunia Advisory: SA32393 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0857.html MLIST http://www.openwall.com/lists/oss-security/2008/08/26/9 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:223 DEBIAN http://www.debian.org/security/2008/dsa-1636 CONFIRM http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=30c2235cbc477d4629983d440cdc4f496fec9246 BID 30847 |
|
| Return to the previous page. |
