QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-4445

Back to search

CVE-2008-4445

Published: Oct 6, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.

VendorProductVersions

n/a

n/a

affected
n/a

References

32190
third-party-advisory
x_refsource_SECUNIA
DSA-1655
vendor-advisory
x_refsource_DEBIAN
32393
third-party-advisory
x_refsource_SECUNIA
31121
vdb-entry
x_refsource_BID
MDVSA-2008:223
vendor-advisory
x_refsource_MANDRIVA
USN-659-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SA:2008:053
vendor-advisory
x_refsource_SUSE
RHSA-2008:0857
vendor-advisory
x_refsource_REDHAT
1021001
vdb-entry
x_refsource_SECTRACK
32315
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now