Vigil@nce - Linux kernel: denial of service via DCCP
May 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can employ an illicit DCCP socket, in order to
create a denial of service.
Severity: 1/4
Creation date: 10/05/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The DCCP (Datagram Congestion Control Protocol) protocol is
implemented in the kernel since version 2.6.14.
The dccp_parse_options() function of the "net/dccp/options.c" file
process of the DCCP socket option parsing. However if a local
attacker can employ null size DCCP options, the
dccp_parse_options() function can not correctly parse the socket
options, which causes a denial of service.
A local attacker can therefore employ an illicit DCCP socket, in
order to create a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-DCCP-10634