search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Linux kernel fails to properly handle malformed SCTP packets

Vulnerability Note VU#717844

Original Release Date: 2006-07-14 | Last Revised: 2006-07-17

Overview

It is possible to cause a denial of service of the Linux kernel by sending a SCTP packet containing no chunks.

Description

The Stream Control Transmission Protocol (SCTP, RFC 2960) is a transport layer protocol which provides reliable, sequential transport of message streams with congestion control. SCTP packets are made up of units of information refered to as chunks. Chunks consist of a chunk header and chunk-specific user data.

The netfilter SCTP connection tracking module contains a structure called sctp_packet which takes a variable called newconntrack as an argument. By sending a SCTP packet containing no chunks to a vulnerable system, a remote attacker can cause an unexpected value in the SCTP connection tracking module. Because the value of this variable is used to look up a pointer from an array of timeouts, if this variable contains an unexpected value an error will occur.

Impact

A remote attacker can cause a denial of service, affecting system availability.

Solution

Upgrade
Obtain an updated kernel for your Linux distribution. This vulnerability is addressed in versions 2.6.16.23 or 2.6.17.3 of the Linux kernel.

It may be possible to disable or remove netfilter or SCTP conntrack support from the kernel.

Vendor Information

717844
 
Affected   Unknown   Unaffected

Trustix Secure Linux

Updated:  July 13, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see TSLSA-2006-0040.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva Inc.

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Debian GNU/Linux

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Gentoo Linux

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries)

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc.

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc.

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc.

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc.

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc.

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc.

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SUSE Linux

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc.

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc.

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ubuntu

Updated:  July 12, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter

Updated:  July 13, 2006

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 23 vendors View less vendors


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

This vulnerability was reported by George A. Theall.

This document was written by Joseph Pruszynski.

Other Information

CVE IDs: CVE-2006-2934
Date Public: 2006-07-12
Date First Published: 2006-07-14
Date Last Updated: 2006-07-17 18:45 UTC
Document Revision: 78

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.