Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 26 Aug 2008 23:00:40 +0800
From: Eugene Teo <>
Subject: Re: CVE request: kernel: sctp: fix potential panics

Hi Steve,

Steven M. Christey wrote:
> On Mon, 25 Aug 2008, Eugene Teo wrote:
>> "[PATCH] sctp: fix potential panics in the SCTP-AUTH API.
>> All of the SCTP-AUTH socket options could cause a panic if the extension
>> is disabled and the API is envoked.
> Use CVE-2008-3792, to be filled in later.
>> Additionally, there were some additional assumptions that certain
>> pointers would always be valid which may not always be the case."
> Use CVE-2008-3793, to be filled in later.  I'm assuming that when
> SCTP-AUTH is enabled, that these APIs are reachable from unprivileged
> users?

One CVE name is sufficient for this. So, we will just use CVE-2008-3792?

Thanks, Eugene
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ