oss-sec mailing list archives
CVE request: kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
From: Eugene Teo <eteo () redhat com>
Date: Wed, 08 Oct 2008 11:53:10 +0800
This was committed in the upstream kernel recently.

"[PATCH] sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH

If INIT-ACK is received with SupportedExtensions parameter which indicates that the peer does not support AUTH, the packet will be silently ignored, and sctp_process_init() cleans up all of the transports in the association. When the T1-Init timer expires, an OOPS happens while we try to choose a different init transport.

The solution is to only clean up the non-active transports, i.e. the ones that the peer added. However, that introduces a problem with sctp_connectx(), because we don't mark the proper state for the transports provided by the user. So, we'll simply mark user-provided transports as ACTIVE. That will allow INIT retransmissions to work properly in the sctp_connectx() context and prevent the crash."

Upstream commit: add52379dde2e5300e2d574b172e62c6cf43b3d3

This can be triggered if the SCTP connection between both ends has mis-matched settings, i.e. one end with AUTH extensions enabled, and the other end with AUTH extension disabled.

This requires a CVE name.

Thanks, Eugene

--
Eugene Teo / Red Hat Security Response Team
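
The sequence described in the commit message, as a simplified user-space model added here for illustration. It is not the kernel's code and not part of the original post; all type and function names and the transport ids are hypothetical.

```c
#include <stdio.h>

/* Simplified model, NOT kernel code: every name here is hypothetical. */
enum tstate { T_UNKNOWN, T_ACTIVE };
struct transport { int id; enum tstate state; int present; };
#define MAX_T 4
struct assoc { struct transport t[MAX_T]; int n; };

static void add_transport(struct assoc *a, int id, enum tstate st)
{
    if (a->n < MAX_T)
        a->t[a->n++] = (struct transport){ id, st, 1 };
}

/* Cleanup after an INIT-ACK that fails processing (peer lacks AUTH). */
static void cleanup_after_bad_init_ack(struct assoc *a, int patched)
{
    for (int i = 0; i < a->n; i++)
        if (!patched || a->t[i].state != T_ACTIVE)
            a->t[i].present = 0;   /* pre-patch: every transport is dropped */
}

/* T1-init expiry: choose a transport for the INIT retransmission.
 * Returns its id, or -1 when none is left (the state the oops came from). */
static int pick_init_transport(const struct assoc *a)
{
    for (int i = 0; i < a->n; i++)
        if (a->t[i].present)
            return a->t[i].id;
    return -1;
}

/* Run the sequence from the commit message; patched=1 applies both changes. */
int t1_init_retransmit_target(int patched)
{
    struct assoc a = { 0 };
    /* Two user-provided (connectx-style) addresses, constructed ids 1 and 2. */
    add_transport(&a, 1, patched ? T_ACTIVE : T_UNKNOWN);
    add_transport(&a, 2, patched ? T_ACTIVE : T_UNKNOWN);
    add_transport(&a, 100, T_UNKNOWN);   /* address added by the peer's INIT-ACK */
    cleanup_after_bad_init_ack(&a, patched);
    return pick_init_transport(&a);
}

int main(void)
{
    printf("pre-patch: %d\n", t1_init_retransmit_target(0));
    printf("patched:   %d\n", t1_init_retransmit_target(1));
    return 0;
}
```

In the pre-patch run the retransmission step finds no transport at all; with both changes applied, the user-provided transport survives cleanup and only the peer-added one is removed.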