It is possible to cause a denial of service of the Linux kernel by sending a SCTP packet containing no chunks.
The Stream Control Transmission Protocol (SCTP, RFC 2960) is a transport layer protocol which provides reliable, sequential transport of message streams with congestion control. SCTP packets are made up of units of information refered to as chunks. Chunks consist of a chunk header and chunk-specific user data.
The netfilter SCTP connection tracking module contains a structure called sctp_packet which takes a variable called newconntrack as an argument. By sending a SCTP packet containing no chunks to a vulnerable system, a remote attacker can cause an unexpected value in the SCTP connection tracking module. Because the value of this variable is used to look up a pointer from an array of timeouts, if this variable contains an unexpected value an error will occur.
A remote attacker can cause a denial of service, affecting system availability.
Trustix Secure Linux Affected
Conectiva Inc. Unknown
Debian GNU/Linux Unknown
Engarde Secure Linux Unknown
Fedora Project Unknown
Gentoo Linux Unknown
Hewlett-Packard Company Unknown
IBM Corporation (zseries) Unknown
IBM eServer Unknown
Immunix Communications, Inc. Unknown
Ingrian Networks, Inc. Unknown
Mandriva, Inc. Unknown
MontaVista Software, Inc. Unknown
Novell, Inc. Unknown
Openwall GNU/*/Linux Unknown
Red Hat, Inc. Unknown
SUSE Linux Unknown
Slackware Linux Inc. Unknown
Sun Microsystems, Inc. Unknown
The SCO Group Unknown
This vulnerability was reported by George A. Theall.
This document was written by Joseph Pruszynski.
|Date First Published:||2006-07-14|
|Date Last Updated:||2006-07-17 18:45 UTC|