CVE-2008-4618
Publication date 21 October 2008
Last updated 24 July 2024
Ubuntu priority
Description
The Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
From the Ubuntu Security Team
It was discovered that the SCTP stack did not correctly handle bad packet lengths. A remote user could exploit this by sending specially crafted SCTP traffic, which would trigger a crash in the system, leading to a denial of service. This issue did not affect Ubuntu 8.10.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
linux-source-2.6.15 | ||
linux-source-2.6.22 | ||
Patch details
Package | Patch details |
---|---|
linux |