Bug 459955 - (CVE-2008-3792) CVE-2008-3792 kernel: sctp: fix potential panics in the SCTP-AUTH API
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high
Severity: high
Assigned To: Red Hat Product Security
Whiteboard: impact=important,source=netdev,report...
Keywords: Security
Depends On: 459956
Reported: 2008-08-25 03:29 EDT by Eugene Teo (Security Response)
Modified: 2010-12-21 12:22 EST

Doc Type: Bug Fix
Last Closed: 2010-12-21 12:22:01 EST

Attachments
Upstream patch for this issue (7.23 KB, patch)
2008-08-25 03:31 EDT, Eugene Teo (Security Response)
Proposed backported patch for MRG kernel (untested) (6.28 KB, patch)
2008-08-29 04:20 EDT, Eugene Teo (Security Response)

Description Eugene Teo (Security Response) 2008-08-25 03:29:16 EDT
Description of problem:
All of the SCTP-AUTH socket options could cause a panic if the extension is disabled and the API is invoked.

Additionally, there were some additional assumptions that certain pointers would always be valid which may not always be the case.

References:
http://marc.info/?l=linux-netdev&m=121928747903176&w=2
http://lkml.org/lkml/2008/8/23/49
http://www.openwall.com/lists/oss-security/2008/08/25/1
Comment 2 Eugene Teo (Security Response) 2008-08-25 03:31:48 EDT
Created attachment 314907
Upstream patch for this issue
Comment 3 Eugene Teo (Security Response) 2008-08-25 03:38:08 EDT
SCTP-AUTH API was introduced in upstream commit 65b07e5d (20070916).
Comment 5 Eugene Teo (Security Response) 2008-08-29 04:20:11 EDT
Created attachment 315342
Proposed backported patch for MRG kernel (untested)
Comment 6 Luis Claudio R. Goncalves 2008-09-05 08:16:56 EDT
Queued for -79
Comment 7 Vincent Danen 2010-12-21 12:22:01 EST
This was addressed via:

MRG Realtime for RHEL 5 Server (RHSA-2008:0857)
