oss-sec mailing list archives
CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit
From: Petr Matousek <pmatouse () redhat com>
Date: Fri, 13 Sep 2013 15:38:19 +0200
Alan Chester reported an issue with IPv6 on SCTP that IPsec traffic is not being encrypted, whereas on IPv4 it is. Setting up an AH + ESP transport does not seem to have the desired effect: SCTP + IPv4: 22:14:20.809645 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto AH (51), length 116) 192.168.0.2 > 192.168.0.5: AH(spi=0x00000042,sumlen=16,seq=0x1):ESP(spi=0x00000044,seq=0x1), length 72 22:14:20.813270 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF],proto AH (51), length 340) 192.168.0.5 > 192.168.0.2: AH(spi=0x00000043,sumlen=16,seq=0x1): SCTP + IPv6: 22:31:19.215029 IP6 (class 0x02, hlim 64, next-header SCTP (132)payload length: 364) fe80::222:15ff:fe87:7fc.3333 > fe80::92e6:baff:fe0d:5a54.36767:sctp 1) [INIT ACK] [init tag: 747759530] [rwnd: 62464] [OS: 10] [MIS:10] References: https://bugzilla.kernel.org/show_bug.cgi?id=24412 https://bugzilla.redhat.com/show_bug.cgi?id=1007872 Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7 Thanks, -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit Petr Matousek (Sep 13)
- Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit Kurt Seifried (Sep 13)