Summary
This host has Linux Kernel Stream Control Transmission Protocol (SCTP) implementation and is prone to Protocol Violation Vulnerability.
Impact
Successful attacks will result in denial of service via kernel related vectors.
Impact Level: System
Solution
Upgrade to Linux kernel 2.6.27, or
Apply the available patch from below link,
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git a=commit
h=ba0166708ef4da7eeb61dd92bbba4d5a749d6561
*****
NOTE : Ignore this warning if patch is already applied.
*****
Insight
The issue is with the parameter 'sctp_paramhdr' in sctp_sf_violation_paramlen, sctp_sf_abort_violation, and sctp_make_abort_violation functions of sm.h, sm_make_chunk.c, and sm_statefunc.c files, which has invalid length and incorrect data types in function calls.
Affected
Linux kernel version before 2.6.27 on all Linux Platforms.
References
Severity
Classification
-
CVE CVE-2008-4618 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Apple iTunes Malformed .mov File Buffer Overflow Vulnerability
- Adobe Flash Media Server Memory Corruption Remote Denial of Service Vulnerability
- Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability
- ClamAV get_unicode_name() Off-By-One Heap based BOF Vulnerability
- Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Win)