VID | 12088 |
Severity | 30 |
Port | |
Protocol | SCTP |
Class | Protocol |
Detailed Description |
The Linux host is vulnerable to a denial of service attack via an SCTP packet with an unexpected ECNE chunk. The Linux Kernel Stream Control Transmission Protocol (lksctp) project is an implementation of the Stream Control Transmission Protocol (SCTP) in the Linux kernel. The SCTP implementation in Linux kernel versions 2.6.16.x prior to 2.6.17 improperly handles ECNE chunks that are received in the CLOSED state, which could allow a remote attacker to cause a denial of service. A remote attacker could exploit this vulnerability to cause a kernel panic.
* References:
  http://lksctp.sourceforge.net/
  http://labs.musecurity.com/advisories/MU-200605-01.txt
  http://www.networksorcery.com/enp/protocol/sctp.htm#Chunk
  http://www.frsirt.com/english/advisories/2006/1734
  http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
* Platforms Affected: Kernel.Org Organization, Inc., Linux kernel versions 2.6.16.x prior to 2.6.17 |
Recommendation |
Upgrade to the latest stable version of the Linux kernel (2.6.17 or later). Contact your vendor for upgrade information. The official website of the Linux kernel is the Linux Kernel Archives at http://www.kernel.org/
-- OR --
To patch or upgrade, refer to Red Hat Linux Security Advisory RHSA-2006:0493-6 at https://rhn.redhat.com/errata/RHSA-2006-0493.html |
Related URL | CVE-2006-2271 (CVE) |
Related URL | 17910 (SecurityFocus) |
Related URL | 26430 (ISS) |