Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 402025

Summary: <sys-kernel/gentoo-sources-2.6.34: net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34 allows remote attackers to cause a denial of service (OOPS) via crafted packet data (CVE-2011-1573)
Product: Gentoo Security Reporter: Viorel Tabara <gentoo>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573
Whiteboard:
Package list:
Runtime testing required: ---

Description Viorel Tabara 2012-02-03 04:45:54 UTC
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when
addip_enable and auth_enable are used, does not consider the amount of
zero padding during calculation of chunk lengths for (1) INIT and (2)
INIT ACK chunks, which allows remote attackers to cause a denial of
service (OOPS) via crafted packet data.


Reproducible: Always
Comment 1 Viorel Tabara 2012-02-03 04:53:16 UTC
I'll mark this invalid as 2.6.34 is not in tree anymore. Sorry for spamming everybody.