Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
BID:17910
Info
Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
| Bugtraq ID: | 17910 |
| Class: | Design Error |
| CVE: |
CVE-2006-2271 CVE-2006-2272 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2006 12:00AM |
| Updated: | Jan 18 2007 05:00PM |
| Credit: | This issue was discovered by the Mu Security research team. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 SuSE SUSE Linux Enterprise Server 8 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 Redhat Fedora Core5 Redhat Fedora Core4 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Linux kernel 2.6.16 13 Linux kernel 2.6.16 .9 Linux kernel 2.6.16 .8 Linux kernel 2.6.16 .7 Linux kernel 2.6.16 .5 Linux kernel 2.6.16 .4 Linux kernel 2.6.16 .3 Linux kernel 2.6.16 .2 Linux kernel 2.6.16 .11 Linux kernel 2.6.16 .1 Linux kernel 2.6.16 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8710 CM 3.1 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8700 CM 3.1 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8500 CM 3.1 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya S8300 CM 3.1 |
| Not Vulnerable: | |
Discussion
Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
The Linux kernel SCTP module is susceptible to remote denial-of-service vulnerabilities. These issues are triggered when the kernel handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics, denying further service to legitimate users.
Note that a valid SCTP endpoint must be listening.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior versions may also be affected.
The Linux kernel SCTP module is susceptible to remote denial-of-service vulnerabilities. These issues are triggered when the kernel handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics, denying further service to legitimate users.
Note that a valid SCTP endpoint must be listening.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior versions may also be affected.
Exploit / POC
Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
To exploit this issue, a remote attacker uses an application that creates SCTP network packets.
To exploit this issue, a remote attacker uses an application that creates SCTP network packets.
Solution / Fix
Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
Solution:
Fixes have been committed to the Linux kernel source-control repository.
Please see the references for vendor advisories and fixes.
Linux kernel 2.6.16 .3
Linux kernel 2.6.16 13
Linux kernel 2.6.16 .9
Linux kernel 2.6.16 .11
Linux kernel 2.6.16 .5
Linux kernel 2.6.16 .1
Linux kernel 2.6.16 .2
Linux kernel 2.6.16 .8
Linux kernel 2.6.16 .4
Linux kernel 2.6.16
Linux kernel 2.6.16 .7
Solution:
Fixes have been committed to the Linux kernel source-control repository.
Please see the references for vendor advisories and fixes.
Linux kernel 2.6.16 .3
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Linux kernel 2.6.16 13
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Linux kernel 2.6.16 .9
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Linux kernel 2.6.16 .11
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Linux kernel 2.6.16 .5
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Linux kernel 2.6.16 .1
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Linux kernel 2.6.16 .2
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Linux kernel 2.6.16 .8
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Linux kernel 2.6.16 .4
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Linux kernel 2.6.16
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e -
RedHat Fedora kernel-2.6.16-1.2122_FC5.i586.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-2.6.16-1.2122_FC5.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-2.6.16-1.2122_FC5.ppc64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-2.6.16-1.2122_FC5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-debuginfo-2.6.16-1.2122_FC5.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-debuginfo-2.6.16-1.2122_FC5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-devel-2.6.16-1.2122_FC5.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-devel-2.6.16-1.2122_FC5.ppc64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-devel-2.6.16-1.2122_FC5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-doc-2.6.16-1.2122_FC5.noarch.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-kdump-2.6.16-1.2122_FC5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-kdump-devel-2.6.16-1.2122_FC5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-smp-2.6.16-1.2122_FC5.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-smp-devel-2.6.16-1.2122_FC5.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-xen0-2.6.16-1.2122_FC5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-xenU-2.6.16-1.2122_FC5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ -
RedHat Fedora kernel-xenU-devel-2.6.16-1.2122_FC5.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
Linux kernel 2.6.16 .7
-
Linux [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 -
Linux [SCTP]: Fix state table entries for chunks received in CLOSED state.
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a =commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
References
Linux Kernel Multiple SCTP Remote Denial of Service Vulnerabilities
References:
References:
- ASA-2006-161 - kernel security update (RHSA-2006-0493) (Avaya)
- lksctp Project Home Page (lksctp Project)
- Multiple vulnerabilities in Linux SCTP 2.6.16 [MU-200605-01] (Mu Security)