
Vigil@nce: Linux kernel, denial of service of SCTP

October 2008 by Vigil@nce

An attacker can trigger an error in the SCTP protocol in order to panic the kernel.

- Gravity: 2/4
- Consequences: denial of service of computer
- Provenance: user shell
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: medium (2/3)
- Creation date: 22/10/2008

IMPACTED PRODUCTS

- Linux kernel
- OpenSUSE

DESCRIPTION

The SCTP protocol (Stream Control Transmission Protocol) can be used to send one or several streams.

When an error occurs in SCTP, the sctp_sf_abort_violation() function is called to interrupt the session. However, its parameters are handled incorrectly, which causes an error and stops the computer.

An attacker can therefore trigger an error in the SCTP protocol in order to panic the kernel.

CHARACTERISTICS

- Identifiers: BID-31848, CVE-2008-4618, SUSE-SA:2008:053, VIGILANCE-VUL-8194
- URL: http://vigilance.aql.fr/vulnerability/8194



