Bug 459955 (CVE-2008-3792) - CVE-2008-3792 kernel: sctp: fix potential panics in the SCTP-AUTH API
Summary: CVE-2008-3792 kernel: sctp: fix potential panics in the SCTP-AUTH API
Status: CLOSED ERRATA
Alias: CVE-2008-3792
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,source=netdev,report...
Keywords: Security
Depends On: 459956
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-08-25 07:29 UTC by Eugene Teo (Security Response)
Modified: 2010-12-21 17:22 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-21 17:22:01 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Upstream patch for this issue (7.23 KB, patch)
2008-08-25 07:31 UTC, Eugene Teo (Security Response)
no flags Details | Diff
Proposed backported patch for MRG kernel (untested) (6.28 KB, patch)
2008-08-29 08:20 UTC, Eugene Teo (Security Response)
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0857 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-10-07 19:18:59 UTC

Description Eugene Teo (Security Response) 2008-08-25 07:29:16 UTC
Description of problem:
All of the SCTP-AUTH socket options could cause a panic if the extension is disabled and the API is envoked.

Additionally, there were some additional assumptions that certain pointers would always be valid which may not always be the case.

References:
http://marc.info/?l=linux-netdev&m=121928747903176&w=2
http://lkml.org/lkml/2008/8/23/49
http://www.openwall.com/lists/oss-security/2008/08/25/1

Comment 2 Eugene Teo (Security Response) 2008-08-25 07:31:48 UTC
Created attachment 314907 [details]
Upstream patch for this issue

Comment 3 Eugene Teo (Security Response) 2008-08-25 07:38:08 UTC
SCTP-AUTH API was introduced in upstream commit 65b07e5d (20070916).

Comment 5 Eugene Teo (Security Response) 2008-08-29 08:20:11 UTC
Created attachment 315342 [details]
Proposed backported patch for MRG kernel (untested)

Comment 6 Luis Claudio R. Goncalves 2008-09-05 12:16:56 UTC
Queued for -79

Comment 7 Vincent Danen 2010-12-21 17:22:01 UTC
This was addressed via:

MRG Realtime for RHEL 5 Server (RHSA-2008:0857)


Note You need to log in before you can comment on or make changes to this bug.