Think you have a false positive on this rule?

Sid 1-18997

Message

OS-LINUX Linux kernel sctprcvootb invalid chunk length DoS attempt

Summary

The sctprcvootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.

Impact

CVSS base score 7.8 CVSS impact score 6.9 CVSS exploitability score 10.0 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE

CVE-2010-0008:

CVSS base score 7.8

CVSS impact score 6.9

CVSS exploitability score 10.0

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Detailed information

CVE-2010-0008: The sctprcvootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.

Affected systems

  • linux linux_kernel 2.6
  • linux linux_kernel 2.6.0
  • linux linux_kernel 2.6.1
  • linux linux_kernel 2.6.2
  • linux linux_kernel 2.6.10
  • linux linux_kernel 2.6.11
  • linux linux_kernel 2.6.11.1
  • linux linux_kernel 2.6.11.2
  • linux linux_kernel 2.6.11.3
  • linux linux_kernel 2.6.11.4
  • linux linux_kernel 2.6.11.5
  • linux linux_kernel 2.6.11.6
  • linux linux_kernel 2.6.11.7
  • linux linux_kernel 2.6.11.8
  • linux linux_kernel 2.6.11.9
  • linux linux_kernel 2.6.11.10
  • linux linux_kernel 2.6.11.11
  • linux linux_kernel 2.6.11.12
  • linux linux_kernel 2.6.12
  • linux linux_kernel 2.6.12.1
  • linux linux_kernel 2.6.12.2
  • linux linux_kernel 2.6.12.3
  • linux linux_kernel 2.6.12.4
  • linux linux_kernel 2.6.12.5
  • linux linux_kernel 2.6.12.6
  • linux linux_kernel 2.6.13
  • linux linux_kernel 2.6.13.1
  • linux linux_kernel 2.6.13.2
  • linux linux_kernel 2.6.13.3
  • linux linux_kernel 2.6.13.4
  • linux linux_kernel 2.6.13.5
  • linux linux_kernel 2.6.14
  • linux linux_kernel 2.6.14.1
  • linux linux_kernel 2.6.14.2
  • linux linux_kernel 2.6.14.3
  • linux linux_kernel 2.6.14.4
  • linux linux_kernel 2.6.14.5
  • linux linux_kernel 2.6.14.6
  • linux linux_kernel 2.6.14.7
  • linux linux_kernel 2.6.15
  • linux linux_kernel 2.6.15.1
  • linux linux_kernel 2.6.15.2
  • linux linux_kernel 2.6.15.3
  • linux linux_kernel 2.6.15.4
  • linux linux_kernel 2.6.15.5
  • linux linux_kernel 2.6.15.6
  • linux linux_kernel 2.6.15.7
  • linux linux_kernel 2.6.16
  • linux linux_kernel 2.6.16.1
  • linux linux_kernel 2.6.16.2
  • linux linux_kernel 2.6.16.3
  • linux linux_kernel 2.6.16.4
  • linux linux_kernel 2.6.16.5
  • linux linux_kernel 2.6.16.6
  • linux linux_kernel 2.6.16.7
  • linux linux_kernel 2.6.16.8
  • linux linux_kernel 2.6.16.9
  • linux linux_kernel 2.6.16.10
  • linux linux_kernel 2.6.16.11
  • linux linux_kernel 2.6.16.12
  • linux linux_kernel 2.6.16.13
  • linux linux_kernel 2.6.16.14
  • linux linux_kernel 2.6.16.15
  • linux linux_kernel 2.6.16.16
  • linux linux_kernel 2.6.16.17
  • linux linux_kernel 2.6.16.18
  • linux linux_kernel 2.6.16.19
  • linux linux_kernel 2.6.16.20
  • linux linux_kernel 2.6.16.21
  • linux linux_kernel 2.6.16.22
  • linux linux_kernel 2.6.16.23
  • linux linux_kernel 2.6.16.24
  • linux linux_kernel 2.6.16.25
  • linux linux_kernel 2.6.16.26
  • linux linux_kernel 2.6.16.27
  • linux linux_kernel 2.6.16.28
  • linux linux_kernel 2.6.16.29
  • linux linux_kernel 2.6.16.30
  • linux linux_kernel 2.6.16.31
  • linux linux_kernel 2.6.16.32
  • linux linux_kernel 2.6.16.33
  • linux linux_kernel 2.6.16.34
  • linux linux_kernel 2.6.16.35
  • linux linux_kernel 2.6.16.36
  • linux linux_kernel 2.6.16.37
  • linux linux_kernel 2.6.16.38
  • linux linux_kernel 2.6.16.39
  • linux linux_kernel 2.6.16.40
  • linux linux_kernel 2.6.16.41
  • linux linux_kernel 2.6.16.42
  • linux linux_kernel 2.6.16.43
  • linux linux_kernel 2.6.16.44
  • linux linux_kernel 2.6.16.45
  • linux linux_kernel 2.6.16.46
  • linux linux_kernel 2.6.16.47
  • linux linux_kernel 2.6.16.48
  • linux linux_kernel 2.6.16.49
  • linux linux_kernel 2.6.16.50
  • linux linux_kernel 2.6.16.51
  • linux linux_kernel 2.6.16.52
  • linux linux_kernel 2.6.16.53
  • linux linux_kernel 2.6.16.54
  • linux linux_kernel 2.6.16.55
  • linux linux_kernel 2.6.16.56
  • linux linux_kernel 2.6.16.57
  • linux linux_kernel 2.6.16.58
  • linux linux_kernel 2.6.16.59
  • linux linux_kernel 2.6.16.60
  • linux linux_kernel 2.6.16.61
  • linux linux_kernel 2.6.16.62
  • linux linux_kernel 2.6.17
  • linux linux_kernel 2.6.17.1
  • linux linux_kernel 2.6.17.2
  • linux linux_kernel 2.6.17.3
  • linux linux_kernel 2.6.17.4
  • linux linux_kernel 2.6.17.5
  • linux linux_kernel 2.6.17.6
  • linux linux_kernel 2.6.17.7
  • linux linux_kernel 2.6.17.8
  • linux linux_kernel 2.6.17.9
  • linux linux_kernel 2.6.17.10
  • linux linux_kernel 2.6.17.11
  • linux linux_kernel 2.6.17.12
  • linux linux_kernel 2.6.17.13
  • linux linux_kernel 2.6.17.14
  • linux linux_kernel 2.6.18
  • linux linux_kernel 2.6.18.1
  • linux linux_kernel 2.6.18.2
  • linux linux_kernel 2.6.18.3
  • linux linux_kernel 2.6.18.4
  • linux linux_kernel 2.6.18.5
  • linux linux_kernel 2.6.18.6
  • linux linux_kernel 2.6.18.7
  • linux linux_kernel 2.6.18.8
  • linux linux_kernel 2.6.19
  • linux linux_kernel 2.6.19.1
  • linux linux_kernel 2.6.19.2
  • linux linux_kernel 2.6.19.3
  • linux linux_kernel 2.6.19.4
  • linux linux_kernel 2.6.19.5
  • linux linux_kernel 2.6.19.6
  • linux linux_kernel 2.6.19.7
  • linux linux_kernel 2.6.20
  • linux linux_kernel 2.6.20.1
  • linux linux_kernel 2.6.20.2
  • linux linux_kernel 2.6.20.3
  • linux linux_kernel 2.6.20.4
  • linux linux_kernel 2.6.20.5
  • linux linux_kernel 2.6.20.6
  • linux linux_kernel 2.6.20.7
  • linux linux_kernel 2.6.20.8
  • linux linux_kernel 2.6.20.9
  • linux linux_kernel 2.6.20.10
  • linux linux_kernel 2.6.20.11
  • linux linux_kernel 2.6.20.12
  • linux linux_kernel 2.6.20.13
  • linux linux_kernel 2.6.20.14
  • linux linux_kernel 2.6.20.15
  • linux linux_kernel 2.6.20.16
  • linux linux_kernel 2.6.20.17
  • linux linux_kernel 2.6.20.18
  • linux linux_kernel 2.6.20.19
  • linux linux_kernel 2.6.20.20
  • linux linux_kernel 2.6.20.21
  • linux linux_kernel 2.6.21
  • linux linux_kernel 2.6.21.1
  • linux linux_kernel 2.6.21.2
  • linux linux_kernel 2.6.21.3
  • linux linux_kernel 2.6.21.4
  • linux linux_kernel 2.6.21.5
  • linux linux_kernel 2.6.21.6
  • linux linux_kernel 2.6.21.7
  • linux linux_kernel 2.6.22
  • linux linux_kernel 2.6.22.1
  • linux linux_kernel 2.6.22.2
  • linux linux_kernel 2.6.22.3
  • linux linux_kernel 2.6.22.4
  • linux linux_kernel 2.6.22.5
  • linux linux_kernel 2.6.22.6
  • linux linux_kernel 2.6.22.7
  • linux linux_kernel 2.6.22.8
  • linux linux_kernel 2.6.22.9
  • linux linux_kernel 2.6.22.10
  • linux linux_kernel 2.6.22.11
  • linux linux_kernel 2.6.22.12
  • linux linux_kernel 2.6.22.13
  • linux linux_kernel 2.6.22.14
  • linux linux_kernel 2.6.22.15
  • linux linux_kernel 2.6.22.16
  • linux linux_kernel 2.6.22.17
  • linux linux_kernel 2.6.22.18
  • linux linux_kernel 2.6.22.19

Ease of attack

CVE-2010-0008:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References