OSVDB ID: 25696

Title: Linux Kernel SCTP Chunk Length Calculation Parameter Processing Overflow DoS

Info

Disclosure

May 22, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Linux kernel contains a flaw that may allow a remote denial of service. The issue is triggered because of a flaw in the bounds checking process of chunk lengths and parameter lengths defined in 'include/net/sctp/sctp.h'. This might lead to attempted access of invalid memory and might result in a kernel crash and hence loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 2.4.33, 2.6.16.17 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Linux

Kernel

2.6.16.16

References

CVE ID: 2006-1858 (see also: NVD)
Secunia Advisory ID: 20185 20671 20716 21045 21179 21476 21498 21605 21954 22174
SCIP VulDB ID: 2255
Related OSVDB ID: 25695 25697
Vendor URL: http://kernel.org/
Vendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33
Vendor Specific Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Aug/0005.html
http://lists.suse.com/archive/suse-security-announce/2006-Jul/0008.html
http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
http://www.trustix.org/errata/2006/0051/
http://www.ubuntu.com/usn/usn-302-1
Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://www.us.debian.org/security/2006/dsa-1097
RedHat RHSA: RHSA-2006:0617

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/25696