ID CVE-2008-3792
Summary net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 11-10-2018 - 20:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
redhat via4
advisories
rhsa
id RHSA-2008:0857
rpms
  • kernel-rt-0:2.6.24.7-81.el5rt
  • kernel-rt-debug-0:2.6.24.7-81.el5rt
  • kernel-rt-debug-debuginfo-0:2.6.24.7-81.el5rt
  • kernel-rt-debug-devel-0:2.6.24.7-81.el5rt
  • kernel-rt-debuginfo-0:2.6.24.7-81.el5rt
  • kernel-rt-debuginfo-common-0:2.6.24.7-81.el5rt
  • kernel-rt-devel-0:2.6.24.7-81.el5rt
  • kernel-rt-doc-0:2.6.24.7-81.el5rt
  • kernel-rt-trace-0:2.6.24.7-81.el5rt
  • kernel-rt-trace-debuginfo-0:2.6.24.7-81.el5rt
  • kernel-rt-trace-devel-0:2.6.24.7-81.el5rt
  • kernel-rt-vanilla-0:2.6.24.7-81.el5rt
  • kernel-rt-vanilla-debuginfo-0:2.6.24.7-81.el5rt
  • kernel-rt-vanilla-devel-0:2.6.24.7-81.el5rt
refmap via4
bid 31121
bugtraq 20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences
confirm
debian DSA-1636
misc http://www.trapkit.de/advisories/TKADV2008-007.txt
mlist
  • [linux-kernel] 20080823 [GIT]: Networking
  • [linux-netdev] 20080821 [PATCH] sctp: fix potential panics in the SCTP-AUTH API.
  • [oss-security] 20080825 CVE request: kernel: sctp: fix potential panics in the SCTP-AUTH API
  • [oss-security] 20080826 Re: CVE request: kernel: sctp: fix potential panics in the SCTP-AUTH API
  • [oss-security] 20080926 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option
sectrack 1020854
secunia
  • 31881
  • 32190
  • 32393
sreason 4210
suse SUSE-SA:2008:053
ubuntu USN-659-1
xf linux-kernel-sctpauthapi-dos(45189)
statements via4
contributor Tomas Hoger
lastmodified 2009-01-15
organization Red Hat
statement This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html
Last major update 11-10-2018 - 20:49
Published 03-09-2008 - 14:12
Last modified 11-10-2018 - 20:49
Back to Top