Vulnerability Note VU#717844

Linux kernel fails to properly handle malformed SCTP packets

Overview

It is possible to cause a denial of service of the Linux kernel by sending an SCTP packet containing no chunks.

I. Description

The Stream Control Transmission Protocol (SCTP, RFC 2960) is a transport layer protocol that provides reliable, sequential transport of message streams with congestion control. SCTP packets are made up of units of information referred to as chunks. Chunks consist of a chunk header and chunk-specific user data.

The netfilter SCTP connection tracking module contains a structure called sctp_packet which takes a variable called newconntrack as an argument. By sending an SCTP packet containing no chunks to a vulnerable system, a remote attacker can cause an unexpected value in the SCTP connection tracking module. Because the value of this variable is used to look up a pointer from an array of timeouts, an error will occur if the variable contains an unexpected value.
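The following C sketch illustrates the class of bug described above and the check that prevents it. It is an added example, not the kernel's code or its patch: a state variable is assigned only while walking chunks, so a packet with no chunks leaves it unset, and it must be validated before it indexes the timeout array. The names sctp_track, next_state, timeouts and the state numbering are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { HDR_LEN = 12, CHUNK_HDR_LEN = 4, STATE_UNSET = -1, STATE_MAX = 4 };

/* Hypothetical per-state timeouts (seconds), standing in for the timeout array. */
static const unsigned timeouts[STATE_MAX] = { 10, 432000, 3, 3 };

/* Hypothetical transition: chunk type -> state (DATA=0, INIT=1, INIT ACK=2). */
static int next_state(int cur, uint8_t type)
{
    if (type <= 2)
        return type + 1;
    return cur == STATE_UNSET ? 0 : cur;
}

/* Returns 0 and sets *timeout, or -1 for a truncated, malformed or chunkless packet. */
int sctp_track(const uint8_t *pkt, size_t len, unsigned *timeout)
{
    int state = STATE_UNSET;
    size_t off = HDR_LEN;              /* chunks start after the common header */
    if (len < HDR_LEN)
        return -1;
    while (off < len) {
        if (len - off < CHUNK_HDR_LEN)
            return -1;
        size_t clen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        if (clen < CHUNK_HDR_LEN || clen > len - off)
            return -1;
        state = next_state(state, pkt[off]);
        off += (clen + 3) & ~(size_t)3;   /* chunks are padded to 4 bytes */
    }
    /* Zero chunks leaves state unset: refuse it instead of indexing with it. */
    if (state < 0 || state >= STATE_MAX)
        return -1;
    *timeout = timeouts[state];
    return 0;
}

int main(void)
{
    /* Constructed samples: bare common header; header plus one header-only chunk. */
    uint8_t empty[12] = { 0 }, one[16] = { 0 };
    unsigned t = 0;
    one[12] = 1; one[15] = 4;             /* chunk type 1, length 4 (simplified) */
    printf("no chunks: %d\n", sctp_track(empty, sizeof empty, &t));
    printf("one chunk: %d\n", sctp_track(one, sizeof one, &t));
    return 0;
}
```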

II. Impact

A remote attacker can cause a denial of service, affecting system availability.

III. Solution

Upgrade

Obtain an updated kernel for your Linux distribution. This vulnerability is addressed in versions 2.6.16.23 or 2.6.17.3 of the Linux kernel.

It may be possible to disable or remove netfilter or SCTP conntrack support from the kernel.

Systems Affected

Vendor | Status | Date Notified | Date Updated
Conectiva Inc. | Unknown | 12-Jul-2006
Debian GNU/Linux | Unknown | 12-Jul-2006
Engarde Secure Linux | Unknown | 12-Jul-2006
Fedora Project | Unknown | 12-Jul-2006
Gentoo Linux | Unknown | 12-Jul-2006
Hewlett-Packard Company | Unknown | 12-Jul-2006
IBM Corporation (zseries) | Unknown | 12-Jul-2006
IBM eServer | Unknown | 12-Jul-2006
Immunix Communications, Inc. | Unknown | 12-Jul-2006
Ingrian Networks, Inc. | Unknown | 12-Jul-2006
Mandriva, Inc. | Unknown | 12-Jul-2006
MontaVista Software, Inc. | Unknown | 12-Jul-2006
netfilter | Unknown | 13-Jul-2006
Novell, Inc. | Unknown | 12-Jul-2006
Openwall GNU/*/Linux | Unknown | 12-Jul-2006
Red Hat, Inc. | Unknown | 12-Jul-2006
Slackware Linux Inc. | Unknown | 12-Jul-2006
Sun Microsystems, Inc. | Unknown | 12-Jul-2006
SUSE Linux | Unknown | 12-Jul-2006
The SCO Group | Unknown | 12-Jul-2006
Trustix Secure Linux | Vulnerable | 13-Jul-2006
Turbolinux | Unknown | 12-Jul-2006
Ubuntu | Unknown | 12-Jul-2006

References


http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3
http://secunia.com/advisories/20917/
http://www.ietf.org/rfc/rfc2960.txt

Credit

This vulnerability was reported by George A. Theall.

This document was written by Joseph Pruszynski.

Other Information

Date Public: 2006-07-12
Date First Published: 2006-07-14
Date Last Updated: 2006-07-17
CERT Advisory:
CVE-ID(s): CVE-2006-2934
NVD-ID(s): CVE-2006-2934
US-CERT Technical Alerts:
Metric: 0.00
Document Revision: 78

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Produced 2006 by US-CERT, a government organization