oss-sec mailing list archives
CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 20 Jun 2013 22:16:33 +0200
A flaw was found in the way the Linux kernel's SCTP network protocol implementation handled duplicate cookies. A transient empty association is created while processing the duplicate cookie chunk that userspace could query, potentially leading to a NULL pointer dereference. A remote attacker able to initiate an SCTP connection to the system could use this flaw to create transient conditions that could lead to a remote system crash if a remote system user is querying SCTP connection info at the time these conditions exist.

Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2815633504b442ca0b0605c16bf3d88a3a0fcea
(already in stable)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=976562

Thanks,
--
Petr Matousek / Red Hat Security Response Team