Vigil@nce: Linux kernel, denial of service via ISDN
December 2009 by Vigil@nce
An attacker can send a short ISDN frame, in order to generate a
denial of service.
Severity: 1/4
Consequences: denial of service of computer
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: low (1/3)
Creation date: 15/12/2009
IMPACTED PRODUCTS
– Linux kernel
– SUSE Linux Enterprise Server
DESCRIPTION OF THE VULNERABILITY
ISDN networks use HDLC (High-Level Data Link Control) frames,
which end with 2 bytes of CRC and one byte of tag.
The collect_rx_frame() function of the drivers/isdn/hisax/hfc_usb.c
file truncates these 3 bytes. However, if the received frame is
too short, the function uses a negative array index.
An attacker can therefore send a short ISDN frame, in order to
generate a denial of service.
CHARACTERISTICS
Identifiers: BID-37036, CVE-2009-4005, SUSE-SA:2009:061,
VIGILANCE-VUL-9282
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-ISDN-9282