The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.
Software | From | Fixed in |
---|---|---|
debian / debian_linux | 5.0 | 5.0.x |
linux / linux_kernel | - | 2.6.36 |
fedoraproject / fedora | 13 | 13.x |
canonical / ubuntu_linux | 10.04 | 10.04.x |
canonical / ubuntu_linux | 10.10 | 10.10.x |
canonical / ubuntu_linux | 6.06 | 6.06.x |
canonical / ubuntu_linux | 8.04 | 8.04.x |
canonical / ubuntu_linux | 9.04 | 9.04.x |
canonical / ubuntu_linux | 9.10 | 9.10.x |