Overview
It is possible to cause a denial of service of the Linux kernel by sending a SCTP packet containing no chunks.
Description
The Stream Control Transmission Protocol (SCTP, RFC 2960) is a transport layer protocol which provides reliable, sequential transport of message streams with congestion control. SCTP packets are made up of units of information refered to as chunks. Chunks consist of a chunk header and chunk-specific user data. The netfilter SCTP connection tracking module contains a structure called sctp_packet which takes a variable called newconntrack as an argument. By sending a SCTP packet containing no chunks to a vulnerable system, a remote attacker can cause an unexpected value in the SCTP connection tracking module. Because the value of this variable is used to look up a pointer from an array of timeouts, if this variable contains an unexpected value an error will occur. |
Impact
A remote attacker can cause a denial of service, affecting system availability. |
Solution
Upgrade |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by George A. Theall.
This document was written by Joseph Pruszynski.
Other Information
| CVE IDs: | CVE-2006-2934 |
| Date Public: | 2006-07-12 |
| Date First Published: | 2006-07-14 |
| Date Last Updated: | 2006-07-17 18:45 UTC |
| Document Revision: | 81 |