Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Wed, 08 Oct 2008 11:53:10 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: kernel: sctp: Fix oops when INIT-ACK indicates that
 peer doesn't support AUTH

This was committed in upstream kernel recently.

"[PATCH] sctp: Fix oops when INIT-ACK indicates that peer doesn't
support AUTH

If INIT-ACK is received with SupportedExtensions parameter which
indicates that the peer does not support AUTH, the packet will be
silently ignore, and sctp_process_init() do cleanup all of the
transports in the association. When T1-Init timer is expires, OOPS
happen while we try to choose a different init transport.

The solution is to only clean up the non-active transports, i.e
the ones that the peer added.  However, that introduces a problem
with sctp_connectx(), because we don't mark the proper state for
the transports provided by the user.  So, we'll simply mark
user-provided transports as ACTIVE.  That will allow INIT
retransmissions to work properly in the sctp_connectx() context
and prevent the crash."

Upstream commit: add52379dde2e5300e2d574b172e62c6cf43b3d3

This can be triggered if the SCTP connection between both ends have
mis-matched settings, i.e. one end with AUTH extensions enabled, and the
other end with AUTH extension disabled. This requires a CVE name.

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux