CERT-In Vulnerability Note CIVN-2008-139
Linux Kernel "sctp_setsockopt_auth_key()" Denial of Service Vulnerability
Original Issue Date:
August 29, 2008
Severity Rating:
High
Systems Affected
- Linux Kernel Versions 2.6.24-rc1 and later
Overview
A vulnerability has been reported in " sctp_setsockopt_auth_key() " function in Linux Kernel, which could be exploited by a remote attacker to cause a Denial of Service.
Description
SCTP (Stream Control Transmission Protocol) is a Transport Layer protocol which provides reliable, in-sequence transport of messages with congestion control. SCTP uses sockets for communication. T he 'sctp_setsockopt_auth_key()' function is used to specify authentication options of the socket.
The vulnerability exists due to inadequate checks in the 'sctp_setsockopt_auth_key()' function of the 'net/sctp/socket.c' in the SCTP implementation. A remote attacker can exploit this issue via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option to cause an integer-overflow and thus cause a Denial of Service (kernel panic).
Solution
This issue is fixed in the GIT repository.
http://git.kernel.org:80/?p=linux/kernel/git/stable/linux
-2.6.26.y.git;a=commit;h=30c2235cbc477d4629983d440
cdc4f496fec9246
Vendor Information
Linux Kernel
http://git.kernel.org:80/?p=linux/kernel/git/stable/linux
-2.6.26.y.git;a=commit;h=30c2235cbc477d4629983d440
cdc4f496fec9246
References
SecurityFocus
http://www.securityfocus.com/bid/30847/
Juniper Networks
http://www.juniper.net/security/auto/vulnerabilities/vuln30847.html
CVE Name
CVE-2008-3526
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
