1
Candidate: CVE-2008-4618
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4618
5
https://usn.ubuntu.com/usn/usn-679-1
7
The Stream Control Transmission Protocol (sctp) implementation in the Linux
8
kernel before 2.6.27 does not properly handle a protocol violation in which
9
a parameter has an invalid length, which allows attackers to cause a denial
10
of service (panic) via unspecified vectors, related to
11
sctp_sf_violation_paramlen, sctp_sf_abort_violation,
12
sctp_make_abort_violation, and incorrect data types in function calls.
14
It was discovered that the SCTP stack did not correctly handle bad
15
packet lengths. A remote user could exploit this by sending specially
16
crafted SCTP traffic which would trigger a crash in the system, leading
17
to a denial of service. This issue did not affect Ubuntu 8.10.
24
Patches_linux-source-2.6.15:
25
upstream_linux-source-2.6.15: released (2.6.27~rc9)
26
dapper_linux-source-2.6.15: released (2.6.15-53.74)
27
gutsy_linux-source-2.6.15: DNE
28
hardy_linux-source-2.6.15: DNE
29
intrepid_linux-source-2.6.15: DNE
30
devel_linux-source-2.6.15: DNE
32
Patches_linux-source-2.6.22:
33
upstream_linux-source-2.6.22: released (2.6.27~rc9)
34
dapper_linux-source-2.6.22: DNE
35
gutsy_linux-source-2.6.22: released (2.6.22-16.60)
36
hardy_linux-source-2.6.22: DNE
37
intrepid_linux-source-2.6.22: DNE
38
devel_linux-source-2.6.22: DNE
41
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ba0166708ef4da7eeb61dd92bbba4d5a749d6561
42
upstream_linux: released (2.6.27~rc9)
45
hardy_linux: released (2.6.24-22.45)
46
intrepid_linux: not-affected
47
devel_linux: not-affected