CVE-2008-3792
Description
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
21- www.debian.org/security/2008/dsa-1636nvdPatch
- securityreason.com/securityalert/4210nvdExploit
- www.securityfocus.com/bid/31121nvdExploitPatch
- secunia.com/advisories/31881nvdVendor Advisory
- secunia.com/advisories/32190nvdVendor Advisory
- secunia.com/advisories/32393nvdVendor Advisory
- www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4nvdVendor Advisory
- git.kernel.orgnvd
- lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.htmlnvd
- lkml.org/lkml/2008/8/23/49nvd
- marc.infonvd
- www.openwall.com/lists/oss-security/2008/08/25/1nvd
- www.openwall.com/lists/oss-security/2008/08/26/6nvd
- www.openwall.com/lists/oss-security/2008/08/26/8nvd
- www.openwall.com/lists/oss-security/2008/09/26/6nvd
- www.redhat.com/support/errata/RHSA-2008-0857.htmlnvd
- www.securityfocus.com/archive/1/496256/100/0/threadednvd
- www.securitytracker.com/idnvd
- www.trapkit.de/advisories/TKADV2008-007.txtnvd
- www.ubuntu.com/usn/usn-659-1nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/45189nvd
News mentions
0No linked articles in our index yet.