Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Mon, 06 Oct 2008 15:16:03 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: kernel: sctp: Fix kernel panic while process protocol
 violation parameter

This was committed in upstream kernel recently.

"[PATCH] sctp: Fix kernel panic while process protocol violation parameter

Since call to function sctp_sf_abort_violation() need paramter 'arg'
with 'struct sctp_chunk' type, it will read the chunk type and chunk
length from the chunk_hdr member of chunk. But call to
sctp_sf_violation_paramlen() always with 'struct sctp_paramhdr' type's
parameter, it will be passed to sctp_sf_abort_violation(). This may
cause kernel panic."

Upstream commit: ba0166708ef4da7eeb61dd92bbba4d5a749d6561

This is user-triggerable.

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux