Date: Wed, 15 Oct 2008 14:46:39 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH This is one of those "I don't know what I'm typing" descriptions so any clarification would be welcome. - Steve ====================================================== Name: CVE-2008-4576 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4576 Reference: MLIST:[linux-kernel] 20081006 [patch 58/71] sctp: Fix oops when INIT-ACK indicates that peer doesnt support AUTH Reference: URL:http://www.gossamer-threads.com/lists/linux/kernel/981012?page=last Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-188.8.131.52 sctp in Linux kernel before 184.108.40.206 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.