QwikSec

Security Database

CVE

CWE

Training

CVE-2008-4113

Published: Sep 16, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

http://www.trapkit.de/advisories/TKADV2008-007.txt

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SREASON

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_UBUNTU

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de

x_refsource_CONFIRM

SUSE-SA:2008:053

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4

x_refsource_CONFIRM

kernel-sctpgetsockopthmac-info-disclosure(45188)

vdb-entry

x_refsource_XF

20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20080926 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.