Re: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/20/2013 02:16 PM, Petr Matousek wrote:
> A flaw was found in the way Linux kernel's SCTP network protocol 
> implementation handled duplicate cookies. A transient empty
> association is created while processing the duplicate cookie chunk
> that userspace could query, potentially leading to NULL pointer
> dereference. A remote attacker able to initiate SCTP connection to
> the system could use this flaw to create transient conditions that
> could lead to remote system crash if remote system user is querying
> SCTP connection info at the time these conditions exist.
>
> Upstream fix: 
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2815633504b442ca0b0605c16bf3d88a3a0fcea
(already in stable)
> References: https://bugzilla.redhat.com/show_bug.cgi?id=976562
>
> Thanks,

Please use CVE-2013-2206 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRw74RAAoJEBYNRVNeJnmT0OEP/2hg4COJlKdlhHO6fNV26293
DgmWgNm8gJyqaWEHnc+px2sFQ1B2tnbvsL++IqsRlhmRICFdSrVpWScC5C8kgXpC
ZUV/5ZuP5UvkGdEc1TXN2IhWE7FO4hcNtwb3Or0rwFpbHqUw1Qnpin36mzwoF5Uw
m+RDo5mTzfe/6VVQO7savEoyHqCcfDp/Z40BJKhk6ieds6y4cDW2AwbPn1fg8fBb
cAvZo547znvS2WK0xOtbRrNX/X2GPUbXBNRg5d+k3aq9k9Fomo70JCqfKGo3YWly
nqu8+HApkLqB0ucI1x+Ore5fCTyzkKzcMT9o4hFuuzVBowXbgYuGhhddrXDFfdOW
wTVdHL+0aDMRimCwzhGyvMSPnLlmj6ypojn//u1E3/u3iaYiURndf5wD8b3PRLMp
XtLPyWPaZle0XxMaVeuJIrmjC+ZjM9ewstI7QyGhPgxUmRy0vSrCgvWrfnHNo12g
aoLx4smNrNVy2QbOKtR37rclzC967JkKv1blKIYyJsC1BAdHvu7xa+XMCYfjqfrN
9t97r7QNMamO0j+UG5b8EhTdZE9h37WxLCU9xWTpGaogI2bXr9ekFC8hYdWTkPuB
+ULBzbG1H1DcUBpOg+fEBqdQrr/zFRfMKriVweWOS2RaS52PFYOXVce+ts3cDkJZ
DJB7sp1Sg8UG10VREC7N
=gs1G
-----END PGP SIGNATURE-----