Linux Kernel SCTP sctp_skb_pull Malformed Packet Remote DoS

2006-05-06T22:57:11
ID OSVDB:25746
Type osvdb
Reporter OSVDB
Modified 2006-05-06T22:57:11

Description

Vulnerability Description

The Linux kernel contains a flaw that may allow a remote denial of service. The issue is triggered when a SCTP packet is received that contains at least the first two fragments of a bundled message. The handling of data buffers in the kernel leads to a pointer self reference, which will lead to an infinite recursion resulting in loss of availability for the platform.

Solution Description

Upgrade to version 2.4.33-rc1 or higher or 2.6.16.15 or higher, respectively, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

The Linux kernel contains a flaw that may allow a remote denial of service. The issue is triggered when a SCTP packet is received that contains at least the first two fragments of a bundled message. The handling of data buffers in the kernel leads to a pointer self reference, which will lead to an infinite recursion resulting in loss of availability for the platform.

References:

Vendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33 Vendor Specific News/Changelog Entry: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6 Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:20671 Secunia Advisory ID:21045 Secunia Advisory ID:21476 Secunia Advisory ID:20398 Secunia Advisory ID:20237 Secunia Advisory ID:21745 Secunia Advisory ID:21954 Secunia Advisory ID:20716 RedHat RHSA: RHSA-2006:0493 Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1097 Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:123 ISS X-Force ID: 26432 FrSIRT Advisory: ADV-2006-1734 CVE-2006-2274 Bugtraq ID: 17955