Date: Thu, 20 Jun 2013 22:16:33 +0200 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference A flaw was found in the way Linux kernel's SCTP network protocol implementation handled duplicate cookies. A transient empty association is created while processing the duplicate cookie chunk that userspace could query, potentially leading to NULL pointer dereference. A remote attacker able to initiate SCTP connection to the system could use this flaw to create transient conditions that could lead to remote system crash if remote system user is querying SCTP connection info at the time these conditions exist. Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2815633504b442ca0b0605c16bf3d88a3a0fcea (already in stable) References: https://bugzilla.redhat.com/show_bug.cgi?id=976562 Thanks, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.