oss-sec mailing list archives
Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem
From: cve-assign () mitre org
Date: Fri, 27 Jun 2014 11:26:30 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
sk_ack_backlog value is decremented for this socket, since the initial value for sk_ack_backlog is 0, after the decrement, it will be 65535, a wrap-around problem happens, and if we want to establish new associations afterward in the same socket, ABORT would be triggered
A remote attacker can block further connection to the particular sctp server socket by sending a specially crafted sctp packet.
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3217b15a19a4779c39b212358a5c71d725822ee https://bugzilla.redhat.com/show_bug.cgi?id=1113967
Use CVE-2014-4667. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTrYyvAAoJEKllVAevmvmspboH+wTd8u74TVDKGExKiL/GLx1n uJoLaVZ0CmxnO5wEYcPZR1lcACTt9+01CxD8gwe+AFp+/4lcINvexZaGgG5lBHlY C/D7YHxrHGPmMEwBj7Cb3E4Vo83MwDovCfK83lNprAG2QKVg54DbupzD+a5fWdH+ 8blx0/2dJB8F1YgQd1osYghi+rZyHRwQZjR2VhyQYRTNEJHMjHAY8En+gfvgFMw+ 3l+p0XfOvJHTqBk4QBFa7kslX8VWmY2gvWXv67iTjfOVlqrpVCkfFkpm2ofW/+CF 8sq1LFu3PT8EBvW4HSKS7+BYl5k/2oC7EWpstQBN34QBOK+2k9e1h3kj+QZ9KWA= =U2mC -----END PGP SIGNATURE-----
Current thread:
- CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem Petr Matousek (Jun 27)
- Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem cve-assign (Jun 27)