CVE-2008-3792
Reported by mitre · Published September 3, 2008
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Exploit Intelligence
- http://securityreason.com/securityalert/4210 (vulncheck-nvd)
- http://www.securityfocus.com/bid/31121 (vulncheck-nvd)
Timeline
- Sep 3, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- x_refsource_MISC
- 32190 (third-party-advisory, x_refsource_SECUNIA)
- 32393 (third-party-advisory, x_refsource_SECUNIA)
- DSA-1636 (vendor-advisory, x_refsource_DEBIAN)
- 31121 (vdb-entry, x_refsource_BID)
- [oss-security] 20080826 Re: CVE request: kernel: sctp: fix potential panics in the SCTP-AUTH API (mailing-list, x_refsource_MLIST)
- [oss-security] 20080826 Re: CVE request: kernel: sctp: fix potential panics in the SCTP-AUTH API (mailing-list, x_refsource_MLIST)
- 31881 (third-party-advisory, x_refsource_SECUNIA)
- USN-659-1 (vendor-advisory, x_refsource_UBUNTU)
- linux-kernel-sctpauthapi-dos(45189) (vdb-entry, x_refsource_XF)
- SUSE-SA:2008:053 (vendor-advisory, x_refsource_SUSE)
- RHSA-2008:0857 (vendor-advisory, x_refsource_REDHAT)
- [oss-security] 20080825 CVE request: kernel: sctp: fix potential panics in the SCTP-AUTH API (mailing-list, x_refsource_MLIST)
- x_refsource_CONFIRM
- [linux-kernel] 20080823 [GIT]: Networking (mailing-list, x_refsource_MLIST)
- x_refsource_CONFIRM
- 1020854 (vdb-entry, x_refsource_SECTRACK)
- 4210 (third-party-advisory, x_refsource_SREASON)
- 20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences (mailing-list, x_refsource_BUGTRAQ)
- [linux-netdev] 20080821 [PATCH] sctp: fix potential panics in the SCTP-AUTH API. (mailing-list, x_refsource_MLIST)