QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-3792

Back to search

CVE-2008-3792

Published: Sep 3, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.

VendorProductVersions

n/a

n/a

affected
n/a

References

32190
third-party-advisory
x_refsource_SECUNIA
32393
third-party-advisory
x_refsource_SECUNIA
DSA-1636
vendor-advisory
x_refsource_DEBIAN
31121
vdb-entry
x_refsource_BID
31881
third-party-advisory
x_refsource_SECUNIA
USN-659-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SA:2008:053
vendor-advisory
x_refsource_SUSE
RHSA-2008:0857
vendor-advisory
x_refsource_REDHAT
[linux-kernel] 20080823 [GIT]: Networking
mailing-list
x_refsource_MLIST
1020854
vdb-entry
x_refsource_SECTRACK
4210
third-party-advisory
x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now