2
Candidate: CVE-2008-2826
4
https://usn.ubuntu.com/usn/usn-625-1
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2826
7
Integer overflow in the sctp_getsockopt_local_addrs_old function in
8
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
9
functionality in the Linux kernel before 2.6.25.9 allows local users to
10
cause a denial of service (resource consumption and system outage) via
11
vectors involving a large addr_num field in an sctp_getaddrs_old data
14
Gabriel Campana discovered that SCTP routines did not correctly check
15
for large addresses. A local user could exploit this to allocate all
16
available memory, leading to a denial of service.
18
kees> linux-2.6: 735ce972fbc8a65fb17788debd7bbe7b4383cc62
19
kees> was reported at one point as CVE-2008-2372
25
Patches_linux-source-2.6.15:
26
upstream_linux-source-2.6.15: needed
27
dapper_linux-source-2.6.15: released (2.6.15-52.69)
28
feisty_linux-source-2.6.15: DNE
29
gutsy_linux-source-2.6.15: DNE
30
hardy_linux-source-2.6.15: DNE
31
devel_linux-source-2.6.15: DNE
33
Patches_linux-source-2.6.20:
34
upstream_linux-source-2.6.20: needed
35
dapper_linux-source-2.6.20: DNE
36
feisty_linux-source-2.6.20: released (2.6.20-17.37)
37
gutsy_linux-source-2.6.20: DNE
38
hardy_linux-source-2.6.20: DNE
39
devel_linux-source-2.6.20: DNE
41
Patches_linux-source-2.6.22:
42
upstream_linux-source-2.6.22: needed
43
dapper_linux-source-2.6.22: DNE
44
feisty_linux-source-2.6.22: DNE
45
gutsy_linux-source-2.6.22: released (2.6.22-15.56)
46
hardy_linux-source-2.6.22: DNE
47
devel_linux-source-2.6.22: DNE
50
upstream_linux: released
54
hardy_linux: released (2.6.24-19.36)
55
devel_linux: not-affected