Linux kernel fails to properly handle malformed SCTP packets

Overview

It is possible to cause a denial of service of the Linux kernel by sending a SCTP packet containing no chunks.

Description

The Stream Control Transmission Protocol (SCTP, RFC 2960) is a transport layer protocol which provides reliable, sequential transport of message streams with congestion control. SCTP packets are made up of units of information refered to as chunks. Chunks consist of a chunk header and chunk-specific user data.

The netfilter SCTP connection tracking module contains a structure called sctp_packet which takes a variable called newconntrack as an argument. By sending a SCTP packet containing no chunks to a vulnerable system, a remote attacker can cause an unexpected value in the SCTP connection tracking module. Because the value of this variable is used to look up a pointer from an array of timeouts, if this variable contains an unexpected value an error will occur.

---

Impact

A remote attacker can cause a denial of service, affecting system availability.

---

Solution

Upgrade
Obtain an updated kernel for your Linux distribution. This vulnerability is addressed in versions 2.6.16.23 or 2.6.17.3 of the Linux kernel.

It may be possible to disable or remove netfilter or SCTP conntrack support from the kernel.

---

Vendor Information

717844

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Trustix Secure Linux __ Affected

Updated: July 13, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see TSLSA-2006-0040.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23717844 Feedback>).

Conectiva Inc. Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Debian GNU/Linux Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Gentoo Linux Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc. Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc. Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc. Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc. Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SUSE Linux Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc. Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc. Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ubuntu Unknown

Updated: July 12, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter Unknown

Updated: July 13, 2006

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 23 vendors __View less vendors __

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23&gt;
• <http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3&gt;
• <http://secunia.com/advisories/20917/&gt;
• <http://www.ietf.org/rfc/rfc2960.txt&gt;

Acknowledgements

This vulnerability was reported by George A. Theall.

This document was written by Joseph Pruszynski.

Other Information

CVE IDs:	CVE-2006-2934
Date Public:	2006-07-12 Date First Published: