3 matches found
CVE-2008-4113
The sctpgetsockopthmacident function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows loc...
CVE-2008-4113
The sctpgetsockopthmacident function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows loc...
Linux Kernel 'SCTP'模块存在漏洞
BUGTRAQ ID: 31121 CVE ID:CVE-2008-3792 CNCVE ID:CNCVE-20083792 Linux是一款开放源代码的操作系统。 Linux内核'SCTP'模块存在多个安全问题,本地攻击者可以利用漏洞获得敏感信息或使内核崩溃。 问题代码如下: file: net/sctp/socket.c ... SCTPSTATIC int sctpgetsockoptstruct sock sk, int level, int optname, char user optval, int user optlen int retval = 0; int len;...