Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-3792
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-03 Sep, 2008 | 14:12
Updated At-07 Nov, 2023 | 02:02

net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.1HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.26.3
cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2009-01-15T00:00:00

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html

References
HyperlinkSourceResource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5e739d1752aca4e8f3e794d431503bfca3162df4cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.htmlcve@mitre.org
N/A
http://lkml.org/lkml/2008/8/23/49cve@mitre.org
N/A
http://marc.info/?l=linux-netdev&m=121928747903176&w=2cve@mitre.org
N/A
http://secunia.com/advisories/31881cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32190cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32393cve@mitre.org
Vendor Advisory
http://securityreason.com/securityalert/4210cve@mitre.org
Exploit
http://www.debian.org/security/2008/dsa-1636cve@mitre.org
Patch
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4cve@mitre.org
Vendor Advisory
http://www.openwall.com/lists/oss-security/2008/08/25/1cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/08/26/6cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/08/26/8cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/09/26/6cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0857.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/496256/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/31121cve@mitre.org
Exploit
Patch
http://www.securitytracker.com/id?1020854cve@mitre.org
N/A
http://www.trapkit.de/advisories/TKADV2008-007.txtcve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-659-1cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/45189cve@mitre.org
N/A
Change History
0Changes found
Details not found