The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Linux kernel: denial of service via SCTP

Synthesis of the vulnerability

An attacker can send a malformed SCTP packet, in order to stop the kernel.
Severity of this weakness: 2/4.
Creation date: 29/04/2010.
Revision date: 10/08/2010.
References of this bulletin: BID-39794, CVE-2010-1173, DSA-2053-1, MDVSA-2010:188, MDVSA-2010:198, openSUSE-SU-2011:0346-1, openSUSE-SU-2013:0927-1, RHSA-2010:0474-01, RHSA-2010:0504-01, RHSA-2010:0631-01, SUSE-SA:2010:027, SUSE-SA:2011:015, SUSE-SA:2011:017, SUSE-SU-2011:0928-1, VIGILANCE-VUL-9618, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2.

Description of the vulnerability

The SCTP protocol uses chunks of several types, including:
 - 0 : Payload Data (DATA)
 - 1 : Initialization (INIT)
 - 9 : Operation Error (ERROR)
 - etc.

When a listening SCTP service receives an INIT chunk containing an error, it returns an ERROR chunk. However, if the INIT packet contains several errors, the size allocated for the ERROR chunk is too short. The kernel thus detects an overflow and stops in skb_over_panic by calling the BUG() macro.

An attacker can therefore send a malformed SCTP packet, in order to stop the kernel.
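
The sizing flaw described above, as an added user-space model (not code from the Linux kernel or from this bulletin). The names struct buf, buf_put, build_error_chunk and SAMPLE_CAUSES are hypothetical, and "room for the first cause only" is an assumption about how the allocation came out too short; sizing for every cause is one possible correction, not necessarily the kernel patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CHUNK_HDR 4  /* SCTP chunk header: type, flags, 16-bit length */
#define CAUSE_HDR 4  /* error cause header: 16-bit code, 16-bit length */
#define PAD4(n) (((n) + 3u) & ~(size_t)3u)

/* Toy stand-in for an sk_buff data area (a model, not kernel code). */
struct buf { uint8_t data[512]; size_t cap, len; };

/* Bounds-checked append in the spirit of skb_put(): where this returns -1,
 * the kernel described above stops in skb_over_panic() via BUG(). */
static int buf_put(struct buf *b, const void *src, size_t n)
{
    if (n > b->cap - b->len)
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Build an ERROR chunk (type 9) with one cause per entry of info_len[].
 * size_for_all == 0 reserves room for the first cause only (assumed flawed
 * sizing), 1 for every cause. Cause bytes are zero placeholders; only the
 * sizes matter. Returns the chunk length, or -1 on a would-be overflow. */
long build_error_chunk(const size_t *info_len, size_t n, int size_for_all)
{
    static const uint8_t zeros[128];
    const uint8_t hdr[CHUNK_HDR] = { 9, 0, 0, 0 };
    struct buf b = { .len = 0 };
    b.cap = CHUNK_HDR;
    for (size_t i = 0; i < n && (size_for_all || i == 0); i++)
        b.cap += PAD4(CAUSE_HDR + info_len[i]);
    if (b.cap > sizeof(b.data) || buf_put(&b, hdr, sizeof(hdr)) < 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        size_t clen = PAD4(CAUSE_HDR + info_len[i]);
        if (clen > sizeof(zeros) || buf_put(&b, zeros, clen) < 0)
            return -1;
    }
    return (long)b.len;
}

/* Constructed sample: three error causes, 8 bytes of information each. */
static const size_t SAMPLE_CAUSES[3] = { 8, 8, 8 };

int main(void)
{
    return build_error_chunk(SAMPLE_CAUSES, 3, 1) == 40 ? 0 : 1;
}
```

With a single cause both sizings agree; the difference only appears once a second cause has to be appended to a buffer reserved for one.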

This security announcement affects software or systems such as Debian, Linux, Mandriva Linux, openSUSE, RHEL, SLES, ESX, ESXi, vCenter Server, VirtualCenter, VMware vSphere, VMware vSphere Hypervisor.

Our Vigil@nce team determined that the severity of this threat is medium.

The trust level is "confirmed by the editor", and the origin of the attack is "internet client".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this vulnerability.

Solutions for this threat

Linux kernel: version 2.6.34.
Version 2.6.34 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: version 2.6.33.6.
Version 2.6.33.6 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: version 2.6.32.16.
Version 2.6.32.16 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: version 2.6.27.48.
Version 2.6.27.48 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: version 2.4.37.10.
Version 2.4.37.10 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.4/

Linux kernel: patch for SCTP.
A patch is available in information sources.

Debian: new linux-2.6 packages.
New packages are available:
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-*-2.6.26_2.6.26-22lenny1_*.deb

Mandriva 2009.0: new kernel packages.
New packages are available:
  Mandriva Linux 2009.0: kernel-2.6.27.53-1mnb2

Mandriva 2010.1, MES 5: new kernel packages.
New packages are available:
  Mandriva Linux 2010.1: kernel-2.6.33.7-2mnb-1-1mnb2
  Mandriva Enterprise Server 5: kernel-2.6.27.53-1mnb-1-1mnb2

openSUSE 11.2: new kernel packages (18/04/2011).
New packages are available:
  kernel-*-2.6.31.14-0.8.1

openSUSE 11.4: new kernel-3.0.58 packages (10/06/2013).
New packages are available:
  kernel-3.0.58-30.2

RHEL 4: new kernel packages.
New packages are available:
Red Hat Enterprise Linux version 4:
  kernel-2.6.9-89.0.26.EL

RHEL 5 MRG: new kernel-rt packages.
New packages are available:
  kernel-rt-2.6.24.7-161.el5rt

RHEL 5: new kernel packages.
New packages are available:
Red Hat Enterprise Linux version 5:
  kernel-2.6.18-194.8.1.el5

SUSE LE 10: new kernel packages (24/03/2011).
New packages are available, as indicated in information sources.

SUSE LE 11: new kernel packages.
New packages are available:
SUSE Linux Enterprise Server 11 SP1
  http://download.novell.com/patch/finder/?keywords=6d234b253abdbb9f30537479384ed1bd
  http://download.novell.com/patch/finder/?keywords=0e4cb330aea8c4851b064f19e6d4e99c
  http://download.novell.com/patch/finder/?keywords=329cdfcfbddc09b14ba9975bbf6d87e8
  http://download.novell.com/patch/finder/?keywords=d8e7470ce034188e261ccb5e82b64416
  http://download.novell.com/patch/finder/?keywords=22846882965710e8a968106e5fa9b938
SUSE Linux Enterprise Desktop 11 SP1
  http://download.novell.com/patch/finder/?keywords=6d234b253abdbb9f30537479384ed1bd
  http://download.novell.com/patch/finder/?keywords=22846882965710e8a968106e5fa9b938
SUSE Linux Enterprise High Availability Extension 11 SP1
  http://download.novell.com/patch/finder/?keywords=6d234b253abdbb9f30537479384ed1bd
  http://download.novell.com/patch/finder/?keywords=0e4cb330aea8c4851b064f19e6d4e99c
  http://download.novell.com/patch/finder/?keywords=329cdfcfbddc09b14ba9975bbf6d87e8
  http://download.novell.com/patch/finder/?keywords=d8e7470ce034188e261ccb5e82b64416
  http://download.novell.com/patch/finder/?keywords=22846882965710e8a968106e5fa9b938

SUSE LE 9: new kernel packages (23/08/2011).
New packages are available:
  http://download.novell.com/patch/finder/?keywords=c05dae2ea95bb787f18166cf12f585e3

VMware: corrected versions.
The following versions are corrected:
VMware vCenter Server 4.1 Update 1 and modules
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
VMware vCenter Server 4.0 Update 3
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://www.vmware.com/support/vsphere4/doc/vsp_vc40_u3_rel_notes.html
ESXi 4.1 Installable Update 1
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html
  http://kb.vmware.com/kb/1027919
ESX 4.1 Update 1
  http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
  http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html
  http://kb.vmware.com/kb/1029353
ESXi 4.0
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-274-20110303-677367/ESXi400-201103001.zip
  http://kb.vmware.com/kb/1032823
ESX 4.0
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574144/ESX400-201103001.zip
  http://kb.vmware.com/kb/1032822

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability alert. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.