CVE-2008-3792 - net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux ker

CVE-2008-3792

Summary

net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*

CVSS

Base:	7.1 (as of 11-10-2018 - 20:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:C

redhat via4

advisories

rhsa

id	RHSA-2008:0857

rpms

kernel-rt-0:2.6.24.7-81.el5rt
kernel-rt-debug-0:2.6.24.7-81.el5rt
kernel-rt-debug-debuginfo-0:2.6.24.7-81.el5rt
kernel-rt-debug-devel-0:2.6.24.7-81.el5rt
kernel-rt-debuginfo-0:2.6.24.7-81.el5rt
kernel-rt-debuginfo-common-0:2.6.24.7-81.el5rt
kernel-rt-devel-0:2.6.24.7-81.el5rt
kernel-rt-doc-0:2.6.24.7-81.el5rt
kernel-rt-trace-0:2.6.24.7-81.el5rt
kernel-rt-trace-debuginfo-0:2.6.24.7-81.el5rt
kernel-rt-trace-devel-0:2.6.24.7-81.el5rt
kernel-rt-vanilla-0:2.6.24.7-81.el5rt
kernel-rt-vanilla-debuginfo-0:2.6.24.7-81.el5rt
kernel-rt-vanilla-devel-0:2.6.24.7-81.el5rt

refmap via4

bid	31121
bugtraq	20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences
confirm	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e739d1752aca4e8f3e794d431503bfca3162df4 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4
debian	DSA-1636
misc	http://www.trapkit.de/advisories/TKADV2008-007.txt
mlist	[linux-kernel] 20080823 [GIT]: Networking [linux-netdev] 20080821 [PATCH] sctp: fix potential panics in the SCTP-AUTH API. [oss-security] 20080825 CVE request: kernel: sctp: fix potential panics in the SCTP-AUTH API [oss-security] 20080826 Re: CVE request: kernel: sctp: fix potential panics in the SCTP-AUTH API [oss-security] 20080926 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option
sectrack	1020854
secunia	31881 32190 32393
sreason	4210
suse	SUSE-SA:2008:053
ubuntu	USN-659-1
xf	linux-kernel-sctpauthapi-dos(45189)

statements via4

contributor	Tomas Hoger
lastmodified	2009-01-15
organization	Red Hat
statement	This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html

Last major update

11-10-2018 - 20:49

Published

03-09-2008 - 14:12

Last modified

11-10-2018 - 20:49