{"vuid":"VU#717844","idnumber":"717844","name":"Linux kernel fails to properly handle malformed SCTP packets","keywords":["Linux","kernel","DoS","denial of service","SCTP packets","chunk","netfilter","iptables"],"overview":"It is possible to cause a denial of service of the Linux kernel by sending a SCTP packet containing no chunks.","clean_desc":"The Stream Control Transmission Protocol (SCTP, RFC 2960) is a transport layer protocol which provides reliable, sequential transport of message streams with congestion control. SCTP packets are made up of units of information refered to as chunks. Chunks consist of a chunk header and chunk-specific user data. The netfilter SCTP connection tracking module contains a structure called sctp_packet which takes a variable called newconntrack as an argument. By sending a SCTP packet containing no chunks to a vulnerable system, a remote attacker can cause an unexpected value in the SCTP connection tracking module. Because the value of this variable is used to look up a pointer from an array of timeouts, if this variable contains an unexpected value an error will occur.","impact":"A remote attacker can cause a denial of service, affecting system availability.","resolution":"Upgrade\nObtain an updated kernel for your Linux distribution. This vulnerability is addressed in versions 2.6.16.23 or 2.6.17.3 of the Linux kernel. It may be possible to disable or remove netfilter or SCTP conntrack support from the kernel.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by George \nA. Theall","author":"This document was written by Joseph Pruszynski.","public":["http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23","http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3","http://secunia.com/advisories/20917/","http://www.ietf.org/rfc/rfc2960.txt"],"cveids":["CVE-2006-2934"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-07-03T19:31:08Z","publicdate":"2006-07-12T00:00:00Z","datefirstpublished":"2006-07-14T20:54:28Z","dateupdated":"2006-07-17T18:45:16Z","revision":81,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"8","cam_easeofexploitation":"14","cam_attackeraccessrequired":"9","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}