Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Tue, 21 Oct 2008 10:19:13 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: sctp: Fix kernel panic while
 process protocol violation parameter

Eugene Teo wrote:
> Eugene Teo wrote:
>> This was committed in upstream kernel recently.
>>
>> "[PATCH] sctp: Fix kernel panic while process protocol violation parameter
>>
>> Since call to function sctp_sf_abort_violation() need paramter 'arg'
>> with 'struct sctp_chunk' type, it will read the chunk type and chunk
>> length from the chunk_hdr member of chunk. But call to
>> sctp_sf_violation_paramlen() always with 'struct sctp_paramhdr' type's
>> parameter, it will be passed to sctp_sf_abort_violation(). This may
>> cause kernel panic."
>>
>> Upstream commit: ba0166708ef4da7eeb61dd92bbba4d5a749d6561
>>
>> This is user-triggerable.
> 
> Ping Steve. This needs a CVE name too. Thanks!

My bad. Steve assigned this with CVE-2008-4618.

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux