CVE-2010-4526

Published: 10 January 2011

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

From the Ubuntu security team

It was discovered that the ICMP stack did not correctly handle certain unreachable messages. If a remote attacker were able to acquire a socket lock, they could send specially crafted traffic that would crash the system, leading to a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.34)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=50b5d6ad63821cea324a5a7a19854d4de1a0a819
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.34)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.34)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.34)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.34)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.34)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.34)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.34)