402025 – <sys-kernel/gentoo-sources-2.6.34: net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34 allows remote attackers to cause a denial of service (OOPS) via crafted packet data (CVE-2011-1573)

Bug 402025 - <sys-kernel/gentoo-sources-2.6.34: net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34 allows remote attackers to cause a denial of service (OOPS) via crafted packet data (CVE-2011-1573)

Summary: <sys-kernel/gentoo-sources-2.6.34: net/sctp/sm_make_chunk.c in the Linux kern...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-02-03 04:45 UTC by Viorel Tabara
Modified:	2013-09-04 02:45 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Viorel Tabara 2012-02-03 04:45:54 UTC

net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when
addip_enable and auth_enable are used, does not consider the amount of
zero padding during calculation of chunk lengths for (1) INIT and (2)
INIT ACK chunks, which allows remote attackers to cause a denial of
service (OOPS) via crafted packet data.


Reproducible: Always

Comment 1 Viorel Tabara 2012-02-03 04:53:16 UTC

I'll mark this invalid as 2.6.34 is not in tree anymore. Sorry for spamming everybody.