CVE-2008-2826
Published: 2 July 2008
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure.
From the Ubuntu Security Team
Gabriel Campana discovered that SCTP routines did not correctly check for large addresses. A local user could exploit this to allocate all available memory, leading to a denial of service.
Notes
Author | Note |
---|---|
kees | linux-2.6: 735ce972fbc8a65fb17788debd7bbe7b4383cc62 was reported at one point as CVE-2008-2372 |
Priority
Status
Package | Release | Status |
---|---|---|
linux | dapper | Does not exist |
linux | feisty | Does not exist |
linux | gutsy | Does not exist |
linux | hardy | Released (2.6.24-19.36) |
linux | upstream | Released |
linux-source-2.6.15 | dapper | Released (2.6.15-52.69) |
linux-source-2.6.15 | feisty | Does not exist |
linux-source-2.6.15 | gutsy | Does not exist |
linux-source-2.6.15 | hardy | Does not exist |
linux-source-2.6.15 | upstream | Needed |
linux-source-2.6.20 | dapper | Does not exist |
linux-source-2.6.20 | feisty | Released (2.6.20-17.37) |
linux-source-2.6.20 | gutsy | Does not exist |
linux-source-2.6.20 | hardy | Does not exist |
linux-source-2.6.20 | upstream | Needed |
linux-source-2.6.22 | dapper | Does not exist |
linux-source-2.6.22 | feisty | Does not exist |
linux-source-2.6.22 | gutsy | Released (2.6.22-15.56) |
linux-source-2.6.22 | hardy | Does not exist |
linux-source-2.6.22 | upstream | Needed |