CVE-2011-1573
Published: 06 October 2011
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
From the Ubuntu security team
It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system.
Priority
CVSS 3 base score: 5.9
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by a8170c35e738d62e9919ce5b109cf4ed66e95bde |
||
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
linux-lts-raring Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.34~rc6)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573
- http://permalink.gmane.org/gmane.comp.security.oss.general/4856
- https://usn.ubuntu.com/usn/usn-1141-1
- https://usn.ubuntu.com/usn/usn-1162-1
- https://usn.ubuntu.com/usn/usn-1159-1
- https://usn.ubuntu.com/usn/usn-1236-1
- https://usn.ubuntu.com/usn/usn-1241-1
- https://usn.ubuntu.com/usn/usn-1256-1
- NVD
- Launchpad
- Debian