Linux Kernel _sctp_make_chunk() Denial Of Service Vulnerability

2018-03-02T00:00:00
ID 1337DAY-ID-29921
Type zdt
Reporter Jakub Jirasek
Modified 2018-03-02T00:00:00

Description

Secunia Research has discovered a vulnerability in Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. The vulnerability is confirmed in versions 4.15.0-r7 and 4.15.0. Other versions may also be affected.

                                        
                                            Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability

======================================================================
1) Affected Software

* Linux Kernel version 4.15.0.
  Other versions may also by affected.

======================================================================
2) Severity

Rating: Not critical
Impact: Denial of Service
Where:  Local System

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Linux Kernel, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).

An   error   in   the   "_sctp_make_chunk()"   function
(net/sctp/sm_make_chunk.c) when handling SCTP packets length can be
exploited to cause a kernel crash.

The vulnerability is confirmed in versions 4.15.0-r7 and 4.15.0.
Other versions may also be affected.

======================================================================
4) Solution

Fixed in the source code repository.
https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c

======================================================================
5) Time Table

2018/02/07 - Linux Kernel team contacted with vulnerability details.
2018/02/07 - Linux Kernel team advised reporting the vulnerability
             publicly via netdev mailing list.
2018/02/07 - Public disclosure of the vulnerability on netdev mailing
             list.
2018/02/09 - The vulnerability additionally reported on linux-sctp
             mailing list.
2018/02/28 - Release of Secunia Advisory SA81331.
2018/02/28 - Public disclosure of Secunia Research Advisory.

======================================================================
6) Credits

Jakub Jirasek, Secunia Research at Flexera.

Additionally reported by Alexey Kodanev.

#  0day.today [2018-04-08]  #