Re: CVE request: FreeBSD SCTP remote DoS

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/28/2012 01:39 PM, Raphael Geissert wrote:
> On Tuesday 28 August 2012 03:50:41 Simon L. B. Nielsen wrote:
> > On Tue, Aug 28, 2012 at 7:25 AM, Raphael Geissert
> > <geissert () debian org>
> wrote:
> > > There appears to be a remote DoS (via a NULL pointer
> > > dereference in the kernel) vulnerability in FreeBSD's SCTP
> > > implementation[1].
> > >
> > > Has a CVE id been assigned to it already?
> > >
> > > [1]http://www.exploit-db.com/exploits/20226/
> >
> > I don't think have one gotten assigned, but probably should.
> > Probably best to go to Mitre to make sure we don't accidentally
> > get a duplicate. Feel free to requeste one, or I can do it later.
> > Please cc: secteam () freebsd org on any request to minimize risk of
> > confusion.
>
> Kurt, could you please assign one?
>
> Thanks in advance.
>
> Kind regards,

Sorry thought this was going to mitre, had to make sure they didn't
assign one yet.

Please use CVE-2012-3549 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQPl9RAAoJEBYNRVNeJnmTs7YP/3g+fl8JXye6WO1l5fP+nWnq
y5DCW/QPKyrDjCIBZaMkdwSJoULWmoZTYg60atYyvmYIIOIJ0rny0JRVmJzFbTni
lz0rOQFZz4W1X0AJicHx2B08ItB2Gpza1kMW0YlTH3fL5Mm+mt1e87r6/GSxgNHr
JvA5Dw/3FF8p4MnRsDyDhgWicHUFi5Ir42q3vWk/EUqGvx9g4lHZrDQ9Be0yAP/4
ebQt3w6/wnMgEL4FS15f5KswZKZ3lesFgNTY8I2xPv0GqUHryyf3I3VSdACB/kqm
L/I0KOADP1yTL3eViIs7Jn6kuUYo74K9PDXT6SI0mkkJPXkbEUpquh8rtdkXxN6l
samtvfNCFaGbgStXO4F3SEMBaojkgnWp9/KkdfaQV/VPOG+rUVR/yX7YRuDDcpU9
eeeuJuumzMXbqrYBmt1oh5SYefxD/2MRRjb56VkP6MncbKMCIsAz+vFGCXrpO9a3
4dzDZ/wxV93tSP48SQzvEhQCIyuFZqfahyKgDx5u1D0H5asY2qLEHeo8ZFQsGMlP
gmLejzhlZterpdFRB/++zmwkst58Wyj1PtEhsOpYooRHSeUv8WBmJCHJLFzV/3nA
3Rm+uhw1D/MNUnNigYh/8IsLanidOkLvIOGrKhVv2UyiwuJ0U3hA4aXGbgxXr+aj
1l1yZmn1KTLlP3kpT6Fo
=WlKT
-----END PGP SIGNATURE-----