Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Tue, 21 Oct 2008 08:58:26 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: sctp: Fix kernel panic while
 process protocol violation parameter

Eugene Teo wrote:
> This was committed in upstream kernel recently.
> 
> "[PATCH] sctp: Fix kernel panic while process protocol violation parameter
> 
> Since call to function sctp_sf_abort_violation() need paramter 'arg'
> with 'struct sctp_chunk' type, it will read the chunk type and chunk
> length from the chunk_hdr member of chunk. But call to
> sctp_sf_violation_paramlen() always with 'struct sctp_paramhdr' type's
> parameter, it will be passed to sctp_sf_abort_violation(). This may
> cause kernel panic."
> 
> Upstream commit: ba0166708ef4da7eeb61dd92bbba4d5a749d6561
> 
> This is user-triggerable.

Ping Steve. This needs a CVE name too. Thanks!

Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux