oss-sec mailing list archives
Re: CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 7 Jan 2009 13:46:05 -0500 (EST)
====================================================== Name: CVE-2009-0065 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065 Reference: MLIST:[oss-security] 20090105 CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/05/1 Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95 Reference: CONFIRM:http://patchwork.ozlabs.org/patch/15024/ Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=478800 Reference: BID:33113 Reference: URL:http://www.securityfocus.com/bid/33113 Reference: FRSIRT:ADV-2009-0029 Reference: URL:http://www.frsirt.com/english/advisories/2009/0029 Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
Current thread:
- CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID Eugene Teo (Jan 04)
- Re: CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID Steven M. Christey (Jan 07)