CVE-2008-3526

NameCVE-2008-3526
DescriptionInteger overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1636-1
NVD severityhigh (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linux-2.6source(unstable)2.6.26-4high
linux-2.6sourceetch(not affected)
linux-2.6.24source(unstable)2.6.24-6~etchnhalf.5high
linux-2.6.24sourceetch2.6.24-6~etchnhalf.5highDSA-1636-1

Search for package or bug name: Reporting problems