OS-LINUX Linux kernel sctpprocessunk_param SCTPChunkInit buffer overflow attempt
The sctpprocessunkparam function in net/sctp/smmake_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.
CVSS base score 7.1 CVSS impact score 6.9 CVSS exploitability score 8.6 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE
CVE-2010-1173:
CVSS base score 7.1
CVSS impact score 6.9
CVSS exploitability score 8.6
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
CVE-2010-1173: The sctpprocessunkparam function in net/sctp/smmake_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.
CVE-2010-1173:
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.