Red Hat Bugzilla – Bug 459955
CVE-2008-3792 kernel: sctp: fix potential panics in the SCTP-AUTH API
Last modified: 2010-12-21 12:22:01 EST
Description of problem:
All of the SCTP-AUTH socket options could cause a panic if the extension is disabled and the API is invoked.
Additionally, there were some additional assumptions that certain pointers would always be valid which may not always be the case.
Proposed upstream patch:
Created attachment 314907
Upstream patch for this issue
SCTP-AUTH API was introduced in upstream commit 65b07e5d (20070916).
Created attachment 315342
Proposed backported patch for MRG kernel (untested)
Queued for -79
This was addressed via:
MRG Realtime for RHEL 5 Server (RHSA-2008:0857)