Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option

[Eugene Teo <eteo () redhat com>]

Hi Steve,

Eugene Teo wrote:
> Steven M. Christey wrote:
> > On Thu, 25 Sep 2008, Eugene Teo wrote:
> > > The first three references to CVE-2008-4113[1] are incorrect. Please
> > > update the CVE with the following references:
> > >
> > > http://marc.info/?l=linux-sctp&m=121986743009093&w=2
> > > http://marc.info/?l=linux-sctp&m=121986743209110&w=2
> > >
> > > [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113
> > This was in reference to the TKADV2008-007 advisory.
> >
> > I guess the question becomes - TKADV2008-007 talks about separate issues,
> > one involving crashes by calling the API functions when SCTP-AUTH is
> > disabled (CVE-2008-3792), and another involving SCTP_HMAC_IDENT and a
> > length value for sctp_getsockopt_hmac_ident.
>
> I see what the confusion is now.
>
> TKADV2008-007[1] mentioned two separate, but related issues. The second
> issue that the advisory mentioned is an example of a function that may
> have two possible consequences, and it all depends on whether SCTP
> authentication is enabled or not.
>
> The patch[2] that addressed these issues mentioned only one of them in
> the changelog description, even though it appears to be fixing possibly
> more than two issues.
>
> Should this be assigned with just one CVE name instead of two?

I re-read it over again, and I agree that assigning two CVE names for
this makes sense. Sorry for the confusion.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team