[Security-team] [Fwd: [SA20917] Linux Kernel SCTP Denial of Service Vulnerability]
Alexey Borovskoy
=?iso-8859-1?q?alexey=2Eborovskoy_=CE=C1_gmail=2Ecom?=
Сб Июл 8 11:30:25 MSD 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TITLE:
Linux Kernel SCTP Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA20917
VERIFY ADVISORY:
http://secunia.com/advisories/20917/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/
DESCRIPTION:
A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling SCTP
packets without a chunk. This can be exploited to crash the kernel by
sending a specially crafted SCTP packet to a vulnerable system.
SOLUTION:
Update to version 2.6.16.23 or 2.6.17.3.
http://www.kernel.org
PROVIDED AND/OR DISCOVERED BY:
The vendor credits George A. Theall.
ORIGINAL ADVISORY:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3
- --
Алексей.
GPG key fingerprint
949B BC0E 2C44 7528 4F63 2753 E37A 9E3F 11F3 BDE1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEr18Q43qePxHzveERAu0LAJ4uXIzPtCwQuiZKg9OwtKBJ5USubgCfa6cC
AWa/rvBcJtnld/S9pXFpwAQ=
=QcU/
-----END PGP SIGNATURE-----
Подробная информация о списке рассылки Security-team