List:       oss-security
Subject:    Re: [oss-security] CVE-2008-3526 Linux kernel sctp_setsockopt_auth_key()
From:       Eugene Teo <eteo () redhat ! com>
Date:       2008-08-29 1:53:07
Message-ID: 48B75683.9020800 () redhat ! com

Eugene Teo wrote:
> An integer overflow flaw was found in the Linux kernel
> sctp_setsockopt_auth_key() function. The structure used for
> SCTP_AUTH_KEY option contains a length that needs to be verified to
> prevent integer overflow conditions.
> 
> This affects kernel versions since 2.6.24-rc1. The proposed upstream
> commit is: 30c2235cbc477d4629983d440cdc4f496fec9246. Note that the

Take note. It needs 328fc47ea0bcc27d9afa69c3ad6e52431cadd76c too.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team
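
The length verification described in the quoted advisory, as an added user-space example; it is not part of the original message and is not the kernel's code. The struct layouts and the function name set_auth_key are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the SCTP_AUTH_KEY option structure:
 * a fixed header carrying a caller-supplied length, then the key bytes. */
struct authkey_opt {
    uint32_t assoc_id;
    uint16_t keynumber;
    uint16_t keylength;   /* untrusted: set by the caller */
    uint8_t  key[];
};

/* Hypothetical internal key object with its own header. */
struct key_bytes {
    size_t  len;
    uint8_t data[];
};

/* Validate the embedded length against the option buffer, then copy.
 * optval must be suitably aligned for struct authkey_opt.
 * Returns 0 and sets *out on success, or a negative errno value. */
int set_auth_key(const void *optval, size_t optlen, struct key_bytes **out)
{
    const struct authkey_opt *opt = optval;
    size_t klen, payload;

    *out = NULL;
    if (optval == NULL || optlen < sizeof(*opt))
        return -EINVAL;              /* header itself is truncated */
    klen = opt->keylength;
    payload = optlen - sizeof(*opt); /* cannot wrap: checked above */
    if (klen > payload)
        return -EINVAL;              /* claims more bytes than were passed */
    /* Guard the size arithmetic; stays correct if the field is widened. */
    if (klen > SIZE_MAX - sizeof(struct key_bytes))
        return -EOVERFLOW;
    *out = malloc(sizeof(struct key_bytes) + klen);
    if (*out == NULL)
        return -ENOMEM;
    (*out)->len = klen;
    memcpy((*out)->data, opt->key, klen);
    return 0;
}
```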