Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Linux kernel, denial of service of SCTP

October 2008 by Vigil@nce

An attacker can create an error in the SCTP protocol in order to
panic the kernel.

 Gravity: 2/4
 Consequences: denial of service of computer
 Provenance: user shell
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: medium (2/3)
 Creation date: 22/10/2008

IMPACTED PRODUCTS

 Linux kernel
 OpenSUSE

DESCRIPTION

The SCTP protocol (Stream Control Transmission Protocol) can be
used to send one or several streams.

When an error occurs in SCTP, the sctp_sf_abort_violation()
function is called to interrupt the session. However, its
parameters are incorrectly handled, which creates an error and
stops the computer.

An attacker can therefore create an error in the SCTP protocol in
order to panic the kernel.

CHARACTERISTICS

 Identifiers: BID-31848, CVE-2008-4618, SUSE-SA:2008:053,
VIGILANCE-VUL-8194
 Url: http://vigilance.aql.fr/vulnerability/8194


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts