459955 – (CVE-2008-3792) CVE-2008-3792 kernel: sctp: fix potential panics in the SCTP-AUTH API

Bug 459955 (CVE-2008-3792) - CVE-2008-3792 kernel: sctp: fix potential panics in the SCTP-AUTH API

Summary: CVE-2008-3792 kernel: sctp: fix potential panics in the SCTP-AUTH API

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2008-3792
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	459956
Blocks:
TreeView+	depends on / blocked

Reported:	2008-08-25 07:29 UTC by Eugene Teo (Security Response)
Modified:	2021-11-12 19:52 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-12-21 17:22:01 UTC
Embargoed:

Attachments	(Terms of Use)
Upstream patch for this issue (7.23 KB, patch) 2008-08-25 07:31 UTC, Eugene Teo (Security Response)	no flags	Details \| Diff
Proposed backported patch for MRG kernel (untested) (6.28 KB, patch) 2008-08-29 08:20 UTC, Eugene Teo (Security Response)	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2008:0857	0	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2008-10-07 19:18:59 UTC

Description Eugene Teo (Security Response) 2008-08-25 07:29:16 UTC

Description of problem:
All of the SCTP-AUTH socket options could cause a panic if the extension is disabled and the API is envoked.

Additionally, there were some additional assumptions that certain pointers would always be valid which may not always be the case.

References:
http://marc.info/?l=linux-netdev&m=121928747903176&w=2
http://lkml.org/lkml/2008/8/23/49
http://www.openwall.com/lists/oss-security/2008/08/25/1

Comment 1 Eugene Teo (Security Response) 2008-08-25 07:31:02 UTC

Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5e739d1752aca4e8f3e794d431503bfca3162df4

Comment 2 Eugene Teo (Security Response) 2008-08-25 07:31:48 UTC

Created attachment 314907 [details]
Upstream patch for this issue

Comment 3 Eugene Teo (Security Response) 2008-08-25 07:38:08 UTC

SCTP-AUTH API was introduced in upstream commit 65b07e5d (20070916).

Comment 5 Eugene Teo (Security Response) 2008-08-29 08:20:11 UTC

Created attachment 315342 [details]
Proposed backported patch for MRG kernel (untested)

Comment 6 Luis Claudio R. Goncalves 2008-09-05 12:16:56 UTC

Queued for -79

Comment 7 Vincent Danen 2010-12-21 17:22:01 UTC

This was addressed via:

MRG Realtime for RHEL 5 Server (RHSA-2008:0857)

Note You need to log in before you can comment on or make changes to this bug.