Vulnerability CVE-2010-1173
Published: 2010-05-07   Modified: 2012-02-13

Description:
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Linux Kernel <= 2.6.33.3 SCTP INIT Remote DoS
Jon Oberheide
10.08.2010

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.1/10
6.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Linux -> Kernel 
Linux -> Linux kernel 

 References:
http://article.gmane.org/gmane.linux.network/159531
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809
http://kbase.redhat.com/faq/docs/DOC-31052
http://marc.info/?l=oss-security&m=127251068407878&w=2
http://www.debian.org/security/2010/dsa-2053
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://www.openwall.com/lists/oss-security/2010/04/29/1
http://www.openwall.com/lists/oss-security/2010/04/29/6
http://www.redhat.com/support/errata/RHSA-2010-0474.html
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=584645
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11416
Copyright 2024, cxsecurity.com

 

Back to Top