CVE-2008-4576 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4576
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4576

Description: sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/45773 UBUNTU http://www.ubuntu.com/usn/usn-679-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html SAID Secunia Advisory: SA32759 Secunia Advisory: SA32918 Secunia Advisory: SA32386 Secunia Advisory: SA33182 Secunia Advisory: SA33180 Secunia Advisory: SA32998 Secunia Advisory: SA33586 REDHAT http://www.redhat.com/support/errata/RHSA-2009-0009.html http://www.redhat.com/support/errata/RHSA-2008-1017.html MLIST http://permalink.gmane.org/gmane.comp.security.oss.general/1039 http://www.gossamer-threads.com/lists/linux/kernel/981012?page=last FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1681 http://www.debian.org/security/2008/dsa-1687 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.27-rc6-git6.log http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.18 BID 31634

Return to the previous page.