Vigil@nce - Linux kernel: NULL pointer dereference via sctp_assoc_update
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can dereference a NULL pointer in sctp_assoc_update of
the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux
Severity: 2/4
Creation date: 24/07/2014
DESCRIPTION OF THE VULNERABILITY
The SCTP protocol is used to transport several message streams,
multiplexed over one connection.
However, when two connections are established simultaneously between
the same hosts and cryptographic authentication is enabled, the field
assoc_shared_key can be NULL. Dereferencing it triggers an exception
and the kernel stops.
An attacker can therefore dereference a NULL pointer in
sctp_assoc_update of the Linux kernel, in order to trigger a
denial of service.
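
A host-side check for the precondition described above, as an added example that is not part of the original bulletin. It assumes that "cryptographic authentication" corresponds to SCTP-AUTH as toggled by the net.sctp.auth_enable sysctl, and that the net/sctp sysctl tree exists only while SCTP is loaded or built in; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a host against the bulletin's precondition
# (SCTP active with cryptographic authentication enabled).
# Assumption: the precondition maps to the net.sctp.auth_enable sysctl, and
# /proc/sys/net/sctp is present only while SCTP is loaded or built in.

# sctp_auth_state [SYSCTL_DIR]
# Prints one of: sctp-inactive, auth-disabled, auth-enabled, unknown
sctp_auth_state() {
    dir="${1:-/proc/sys/net/sctp}"
    if [ ! -d "$dir" ]; then
        echo "sctp-inactive"
        return 0
    fi
    if [ ! -r "$dir/auth_enable" ]; then
        echo "unknown"
        return 0
    fi
    # Strip the trailing newline the kernel appends to sysctl values.
    val=$(tr -d '[:space:]' < "$dir/auth_enable")
    case "$val" in
        0) echo "auth-disabled" ;;
        1) echo "auth-enabled" ;;
        *) echo "unknown" ;;
    esac
}

# sctp_auth_report [SYSCTL_DIR]
# Prints a one-line verdict. Exit status 0 means the precondition is absent,
# 1 means it is present or could not be determined.
sctp_auth_report() {
    state=$(sctp_auth_state "$1")
    case "$state" in
        sctp-inactive) echo "OK: SCTP is not active on this host"; return 0 ;;
        auth-disabled) echo "OK: SCTP active, auth_enable=0"; return 0 ;;
        auth-enabled)  echo "REVIEW: SCTP active with auth_enable=1; confirm the kernel carries the vendor fix"; return 1 ;;
        *)             echo "REVIEW: could not read auth_enable"; return 1 ;;
    esac
}
```

Source the file and call sctp_auth_report with no argument to check the running host; the optional directory argument exists so the logic can be exercised against a copied or constructed sysctl tree.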
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-NULL-pointer-dereference-via-sctp-assoc-update-15099