Candidate: CVE-2007-2876
References:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
Description:
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2)
nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13,
and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of
service by causing certain invalid states that trigger a NULL pointer
dereference.
Ubuntu-Description:
Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly
validate certain states. A remote attacker could send a specially crafted
packet causing a denial of service.
Notes:
When creating a new connection by sending an unknown chunk type, we
don't transition to a valid state, causing a NULL pointer dereference in
sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE].
Bugs:
upstream: released (2.6.21.4)
linux-2.6: released (2.6.21-5)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/nf_conntrack_sctp-null-deref.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [71405ef45b6a5da5419cf4580db7fe9666a63774]
2.6.20-feisty-security: released (2.6.20-16.31) [b72e4ea43b03b980f6818a10050f2d65d347f36c]