Summary: | Kernel: Buffer overflow in net/sctp/sm_statefuns.c (CVE-2009-0065) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Kernel | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kernel |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95 | ||
Whiteboard: | [linux <2.6.27.13] [linux >=2.6.28 <2.6.28.2] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
2009-01-13 23:49:08 UTC
This is remotely exploitable and gives a Rootshell, see http://kernelbof.blogspot.com/2009/04/kernel-memory-corruptions-are-not-just.html SCTP is not enabled by default AFAIK, but we still might want to patch this a bit faster... Already fixed in all hardened kernels. |