VDB
CVE-2008-4576
CVE-2008-4576
PUBLISHED
Reported by mitre · Published October 15, 2008
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Timeline
- Oct 15, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 6, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 32998 third-party-advisoryx_refsource_SECUNIA
- SUSE-SA:2008:052 vendor-advisoryx_refsource_SUSE
- [oss-security] 20081008 CVE request: kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH mailing-listx_refsource_MLIST
- RHSA-2009:0009 vendor-advisoryx_refsource_REDHAT
- SUSE-SA:2008:053 vendor-advisoryx_refsource_SUSE
- FEDORA-2008-8929 vendor-advisoryx_refsource_FEDORA
- 31634 vdb-entryx_refsource_BID
- 33586 third-party-advisoryx_refsource_SECUNIA
- DSA-1687 vendor-advisoryx_refsource_DEBIAN
- oval:org.mitre.oval:def:9822 vdb-entrysignaturex_refsource_OVAL
- 32918 third-party-advisoryx_refsource_SECUNIA
- USN-679-1 vendor-advisoryx_refsource_UBUNTU
- linux-kernel-sctp-initack-dos(45773) vdb-entryx_refsource_XF
- 32759 third-party-advisoryx_refsource_SECUNIA
- 33180 third-party-advisoryx_refsource_SECUNIA
- x_refsource_CONFIRM
- [linux-kernel] 20081006 [patch 58/71] sctp: Fix oops when INIT-ACK indicates that peer doesnt support AUTH mailing-listx_refsource_MLIST
- 32370 third-party-advisoryx_refsource_SECUNIA
- RHSA-2008:1017 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
…and 5 more