[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2008-3526 Linux kernel sctp_setsockopt_auth_key()
From: Eugene Teo <eteo () redhat ! com>
Date: 2008-08-29 1:53:07
Message-ID: 48B75683.9020800 () redhat ! com
[Download RAW message or body]
Eugene Teo wrote:
> An integer overflow flaw was found in the Linux kernel
> sctp_setsockopt_auth_key() function. The structure used for
> SCTP_AUTH_KEY option contains a length that needs to be verified to
> prevent integer overflow conditions.
>
> This affects kernel versions since 2.6.24-rc1. The proposed upstream
> commit is: 30c2235cbc477d4629983d440cdc4f496fec9246. Note that the
Take note. It needs 328fc47ea0bcc27d9afa69c3ad6e52431cadd76c too.
Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic