191259 – CVE-2006-2275 SCTP receive buffer DoS

Bug 191259 - CVE-2006-2275 SCTP receive buffer DoS

Summary: CVE-2006-2275 SCTP receive buffer DoS

Keywords:
Status:	CLOSED DUPLICATE of bug 187494
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Neil Horman
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:	impact=moderate,source=vendorsec,repo...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-05-10 08:01 UTC by Marcel Holtmann
Modified:	2007-11-30 22:07 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-05-10 15:13:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Marcel Holtmann 2006-05-10 08:01:10 UTC

Linux SCTP before 2.6.17 allows remote attackers to cause a denial of service
via a large number of small messages to a receiver application that cannot
process the messages quickly enough, which leads to "spillover of the receive
buffer."

This issue hasn't been reproduced with RHEL4, but the vulnerable code is the
same as upstream.

The upstream fix can be found here:

http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5

Comment 1 Neil Horman 2006-05-10 15:13:39 UTC


*** This bug has been marked as a duplicate of 187494 ***

Note You need to log in before you can comment on or make changes to this bug.