Vigil@nce: Linux kernel, denial of service via SCTP ICMP
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can block a SCTP socket when it processes an ICMP
packet, in order to create a denial of service.
– Severity: 1/4
– Creation date: 04/01/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The SCTP protocol (Stream Control Transmission Protocol) can be
used to send several streams in the same session.
The sctp_icmp_proto_unreachable() function of the net/sctp/input.c
file processes ICMP Protocol Unreachable error packets. This
function frees its resources, even if the user locked the SCTP
socket.
A local attacker can therefore block a SCTP socket when it
processes an ICMP packet, in order to create a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-SCTP-ICMP-10246