Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.51.0810151440370.15058@faron.mitre.org>
Date: Wed, 15 Oct 2008 14:46:39 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: kernel: sctp: Fix oops when INIT-ACK
 indicates that peer doesn't support AUTH


This is one of those "I don't know what I'm typing" descriptions so any
clarification would be welcome.

- Steve


======================================================
Name: CVE-2008-4576
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4576
Reference: MLIST:[linux-kernel] 20081006 [patch 58/71] sctp: Fix oops when INIT-ACK indicates that peer doesnt support AUTH
Reference: URL:http://www.gossamer-threads.com/lists/linux/kernel/981012?page=last
Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.18

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause
a denial of service (OOPS) via an INIT-ACK that states the peer does
not support AUTH, which causes the sctp_process_init function to clean
up active transports and triggers the OOPS when the T1-Init timer
expires.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.