Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.1
CVE Id CVE-2008-3792
Last Modified 19 Mar 2012 12:00:00
Published 03 Sep 2008 10:12:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3792

Summary

net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.26.3


References

BID - 31121

DEBIAN - DSA-1636

XF - linux-kernel-sctpauthapi-dos(45189)

UBUNTU - USN-659-1

MISC - http://www.trapkit.de/advisories/TKADV2008-007.txt

SECTRACK - 1020854

BUGTRAQ - 20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences

REDHAT - RHSA-2008:0857

MLIST - [oss-security] 20080926 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option

MLIST - [oss-security] 20080826 Re: CVE request: kernel: sctp: fix potential panics in the SCTP-AUTH API

MLIST - [oss-security] 20080825 CVE request: kernel: sctp: fix potential panics in the SCTP-AUTH API

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4

SREASON - 4210

SECUNIA - 32393

SECUNIA - 32190

SECUNIA - 31881

MLIST - [linux-netdev] 20080821 [PATCH] sctp: fix potential panics in the SCTP-AUTH API.

MLIST - [linux-kernel] 20080823 [GIT]: Networking

SUSE - SUSE-SA:2008:053

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e739d1752aca4e8f3e794d431503bfca3162df4


Last Updated: 27 May 2016 10:42:30