Bug 460746 (CVE-2013-1828) - Kernel : sctp: SCTP_GET_ASSOC_STATS stack buffer overflow (CVE-2013-1828)
Status: RESOLVED OBSOLETE
Alias: CVE-2013-1828
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: https://bugzilla.redhat.com/show_bug....
Reported: 2013-03-08 05:44 UTC by Agostino Sarubbo
Modified: 2018-04-04 19:25 UTC

Description Agostino Sarubbo gentoo-dev 2013-03-08 05:44:12 UTC
From $URL :

A local user could use the missing size check in the sctp_getsockopt_assoc_stats() function to escalate
their privileges. On x86 this might be mitigated by the destination object size check, as the
destination size is known at compile time.

Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=726bc6b0

Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=196d6759

Introduced in:
v3.8-rc1

References:
https://twitter.com/grsecurity/status/309805924749541376
http://grsecurity.net/~spender/sctp.c
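
A simplified userspace model of the size check the description above refers to, added here as an illustration; it is not the kernel's code or the upstream patch. `struct assoc_stats`, `get_assoc_stats()` and `overrun_if_unchecked()` are hypothetical names, and `memcpy()` stands in for the kernel's user-copy helpers.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's per-association stats struct. */
struct assoc_stats {
    int assoc_id;
    unsigned long long counters[4];
};

/* Without a size check: how many bytes a copy of caller-chosen `len`
 * would write past a destination of `dst_size` bytes (0 = it fits). */
size_t overrun_if_unchecked(size_t len, size_t dst_size)
{
    return len > dst_size ? len - dst_size : 0;
}

/* Checked handler. `optval` / `*optlen` model the caller's buffer and the
 * length the caller claims for it. Returns 0 or a negative errno and
 * updates *optlen to the number of bytes written back. */
int get_assoc_stats(void *optval, size_t *optlen)
{
    struct assoc_stats sas;            /* fixed-size object on the stack */
    size_t len = *optlen;

    if (len < sizeof(sas.assoc_id))    /* must at least carry the id */
        return -EINVAL;
    if (len > sizeof(sas))             /* the size check: clamp to the object */
        len = sizeof(sas);

    memset(&sas, 0, sizeof(sas));      /* no stale stack bytes in the reply */
    memcpy(&sas, optval, len);         /* models the copy in from the caller */

    for (size_t i = 0; i < 4; i++)     /* constructed sample statistics */
        sas.counters[i] = (unsigned long long)sas.assoc_id * 10 + i;

    memcpy(optval, &sas, len);         /* models the copy back to the caller */
    *optlen = len;
    return 0;
}
```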
Comment 1 Marc Schiffbauer gentoo-dev 2013-03-24 15:25:26 UTC
Any news on this? 

For me it's completely impossible to use SCTP here: as soon as clvmd connects to dlm and dlm wants to use sctp, grsec will panic the system.

And DLM with TCP instead of SCTP will not work because the system is multihomed...
(dlm: TCP protocol can't handle multi-homed hosts, try SCTP)


(On hardened with kernel 3.8.3 or 3.7.5 or 3.2.37 ...)
Comment 2 Marc Schiffbauer gentoo-dev 2013-03-26 11:13:48 UTC
What I have hit was a false positive in grsec, which is fixed in the latest grsec patchset. See $URL for more details.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-04 19:25:41 UTC
There are no longer any 2.x or <3.8 kernels available in the repository with
the exception of sys-kernel/xbox-sources which is unsupported by security.