Linux Kernel SCTP Fragmented Control Chunk Remote DoS

2006-05-09T06:47:33
ID OSVDB:25633
Type osvdb
Reporter Mu Security()
Modified 2006-05-09T06:47:33

Description

Vulnerability Description

The Linux kernel contains a flaw that may allow a remote denial of service. The issue is present in the Stream Control Transmission Protocol (SCTP) code of the kernel. It is triggered when IP-fragmented SCTP control chunks are received by the kernel. Incorrect handling of these in the 'skb_pull()' function might result in a kernel panic, and therefore in loss of availability for the platform.

Solution Description

Upgrade to version 2.4.33, 2.6.17 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

The Linux kernel contains a flaw that may allow a remote denial of service. The issue is present in the Stream Control Transmission Protocol (SCTP) code of the kernel. It is triggered when IP-fragmented SCTP control chunks are received by the kernel. Incorrect handling of these in the 'skb_pull()' function might result in a kernel panic, and therefore in loss of availability for the platform.

References:

Vendor URL: http://lksctp.sourceforge.net/ Vendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33 Vendor Specific News/Changelog Entry: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 Vendor Specific News/Changelog Entry: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:20671 Secunia Advisory ID:21476 Secunia Advisory ID:20398 Secunia Advisory ID:19990 Secunia Advisory ID:20157 Secunia Advisory ID:20237 Secunia Advisory ID:21745 Secunia Advisory ID:21954 Secunia Advisory ID:20716 Related OSVDB ID: 25632 RedHat RHSA: RHSA-2006:0493 Other Advisory URL: http://labs.musecurity.com/advisories/MU-200605-01.txt Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1097 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html FrSIRT Advisory: ADV-2006-1734 CVE-2006-2272