Lucene search
RootSSV:3936HistoryAug 29, 2008 - 12:00 a.m.
Linux Kernel sctp_setsockopt_auth_key()函数远程拒绝服务漏洞
2008-08-2900:00:00
Root
www.seebug.org
20
0.077 Low
EPSS
Percentile
93.5%
BUGTRAQ ID: 30847
CVE(CAN) ID: CVE-2008-3526
Linux Kernel是开放源码操作系统Linux所使用的内核。
Linux Kernel的net/sctp/socket.c文件中的sctp_setsockopt_auth_key函数存在整数溢出漏洞,如果远程攻击者向该函数发送的SCTP报文中SCTP_AUTH_KEY选项包含有特制的sca_keylength字段的话,就可以触发这个溢出,导致拒绝服务的情况。
Linux kernel 2.6.24-rc1 - 2.6.26.3
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=30c2235cbc477d4629983d440cdc4f496fec9246” target=“_blank”>http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=30c2235cbc477d4629983d440cdc4f496fec9246</a>
Related
cve
cve
CVE-2008-3526
2008-08-27 20:41:00
seebug
seebug
Linux Kernel 'sctp_setsockopt_auth_key()'远程拒绝服务漏洞
2008-08-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:34:20
prion
prion
Integer overflow
2008-08-27 20:41:00
ubuntucve
ubuntucve
CVE-2008-3526
2008-08-27 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : kernel (MDVSA-2008:223)
2009-04-23 00:00:00
Debian DSA-1636-1 : linux-2.6.24 - denial of service/information leak
2008-09-12 00:00:00
openSUSE Security Update : kernel (kernel-270)
2009-07-21 00:00:00
openvas
openvas
Mandriva Update for kernel MDVSA-2008:223 (kernel)
2009-04-09 00:00:00
Mandriva Update for kernel MDVSA-2008:223 (kernel)
2009-04-09 00:00:00
Debian Security Advisory DSA 1636-1 (linux-2.6.24)
2008-09-17 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2008-09-14 00:00:00
osv
osv
linux-2.6.24 - several vulnerabilities
2008-09-11 00:00:00
debian
debian
suse
suse
remote denial of service in kernel
2008-10-27 17:50:21
redhat
redhat
(RHSA-2008:0857) Important: kernel security and bug fix update
2008-10-07 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2008-10-27 00:00:00