|
|
CVE Reference: CVE-2008-4618 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-4618 |
|
|
Description: The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. |
|
|
CVE Status: Candidate |
|
|
References: UBUNTU http://www.ubuntu.com/usn/usn-679-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html SAID Secunia Advisory: SA32918 Secunia Advisory: SA32998 Secunia Advisory: SA33586 REDHAT http://www.redhat.com/support/errata/RHSA-2009-0009.html MLIST http://www.openwall.com/lists/oss-security/2008/10/06/1 DEBIAN http://www.debian.org/security/2008/dsa-1681 CONFIRM http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=ba0166708ef4da7eeb61dd92bbba4d5a749d6561 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27 BID 31848 |
|
| Return to the previous page. |
