Bug 254907 (CVE-2009-0065)

Summary:	Kernel: Buffer overflow in net/sctp/sm_statefuns.c (CVE-2009-0065)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kernel
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95
Whiteboard:	[linux <2.6.27.13] [linux >=2.6.28 <2.6.28.2]
Package list:		Runtime testing required:	---

Description Stefan Behte (RETIRED) gentoo-dev

2009-01-13 23:49:08 UTC

CVE-2009-0065 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0065):
  Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control
  Transmission Protocol (sctp) implementation in the Linux kernel
  before 2.6.28-git8 allows remote attackers to have an unknown impact
  via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2009-05-05 20:42:10 UTC

This is remotely exploitable and gives a Rootshell, see http://kernelbof.blogspot.com/2009/04/kernel-memory-corruptions-are-not-just.html
SCTP is not enabled by default AFAIK, but we still might want to patch this a bit faster...

Comment 2 Gordon Malm (RETIRED) gentoo-dev

2009-05-05 20:57:16 UTC

Already fixed in all hardened kernels.

Comment 3 kfm 2009-07-21 21:36:55 UTC

RE Comment 2 - Indeed. Removing alias.

PS: genpatches-2.6.27-11 added 2.6.27.13. genpatches-2.6.28-3 added 2.6.28.2. hardened-sources-2.6.25-r13 is unaffected as the patch was added independently in the preceding patchset.