[v2.6] kernel: net: sctp: remote DoS (CVE-2014-7841)
An SCTP server doing ASCONF will panic on malformed INIT ping-of-death
in the form of:
—————— INIT[PARAM: SET_PRIMARY_IP] ——————>
A remote attacker could use this flaw to crash the system by sending a maliciously prepared SCTP packet in order to trigger a NULL pointer dereference on the server.
Fixed in 3.14.25 and 3.10.61 (please find links to the commits below).
References:
CONFIRM: http://seclists.org/oss-sec/2014/q4/604
CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1163087
COMMIT (upstream):
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864
COMMIT (3.14.y):
https://github.com/torvalds/linux/commit/358905266ed83d4a9e693ae7ff86c1595220ec60
COMMIT (3.10.y):
https://github.com/torvalds/linux/commit/7031dcb018db2a7776c1c31ef156cf8ac8da8a99
(from redmine: issue id 3661, created on 2014-12-24, closed on 2017-09-05)
- Relations:
- parent #3660