Vigil@nce - FreeBSD: assertion error via SCTP ICMPv6
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force an assertion error in the SCTP stack with
ICMPv6 on FreeBSD, in order to trigger a denial of service.
Impacted products: FreeBSD.
Severity: 2/4.
Creation date: 14/01/2016.
Revision date: 25/01/2016.
DESCRIPTION OF THE VULNERABILITY
The FreeBSD kernel can be configured with the support of SCTP and
IPv6.
However, when an ICMPv6 error packet is received, an assertion
error occurs in sctp6_usrreq.c because developers did not except
this case, which stops the kernel.
An attacker can therefore force an assertion error in the SCTP
stack with ICMPv6 on FreeBSD, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/FreeBSD-assertion-error-via-SCTP-ICMPv6-18723