oss-sec mailing list archives

Re: CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 7 Jan 2009 13:46:05 -0500 (EST)


======================================================
Name: CVE-2009-0065
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065
Reference: MLIST:[oss-security] 20090105 CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with 
bad stream ID
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/05/1
Reference: 
CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95
Reference: CONFIRM:http://patchwork.ozlabs.org/patch/15024/
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=478800
Reference: BID:33113
Reference: URL:http://www.securityfocus.com/bid/33113
Reference: FRSIRT:ADV-2009-0029
Reference: URL:http://www.frsirt.com/english/advisories/2009/0029

Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control
Transmission Protocol (sctp) implementation in the Linux kernel before
2.6.28-git8 allows remote attackers to have an unknown impact via an
FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.

Current thread:

CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID Eugene Teo (Jan 04)
- Re: CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID Steven M. Christey (Jan 07)