Linux kernel SCTP-netfilter for_each_sctp_chunk() denial of service

linux-sctp-netfilter-dos (26194)

Low Risk

Description:

Linux kernel is vulnerable to a denial of service attack, caused by an infinite loop condition that can occur in the SCTP-netfilter module for_each_sctp_chunk() function. A remote attacker could exploit this vulnerability using specially-crafted packets containing an invalid SCTP (Stream Control Transmission Protocol) chunk size to consume all available CPU resources, resulting in a denial of service.

Platforms Affected:

• Canonical, Ubuntu 5.04
• Canonical, Ubuntu 5.10
• Canonical, Ubuntu 6.06 LTS
• Linux, Kernel 2.6.0 test9
• Linux, Kernel 2.6.0 test8
• Linux, Kernel 2.6.0 test7
• Linux, Kernel 2.6.0 test6
• Linux, Kernel 2.6.0 test5
• Linux, Kernel 2.6.0
• Linux, Kernel 2.6.0 test3
• Linux, Kernel 2.6.0 test2
• Linux, Kernel 2.6.0 test11
• Linux, Kernel 2.6.0 test10
• Linux, Kernel 2.6.0 test1
• Linux, Kernel 2.6.0 test4
• Linux, Kernel 2.6.1 rc3
• Linux, Kernel 2.6.1
• Linux, Kernel 2.6.1 rc1
• Linux, Kernel 2.6.1 rc2
• Linux, Kernel 2.6.10
• Linux, Kernel 2.6.10 rc1
• Linux, Kernel 2.6.10 rc2
• Linux, Kernel 2.6.10 rc3
• Linux, Kernel 2.6.11 rc2
• Linux, Kernel 2.6.11
• Linux, Kernel 2.6.11 rc1
• Linux, Kernel 2.6.11 rc3
• Linux, Kernel 2.6.11 rc5
• Linux, Kernel 2.6.11 rc4
• Linux, Kernel 2.6.11.1
• Linux, Kernel 2.6.11.10
• Linux, Kernel 2.6.11.11
• Linux, Kernel 2.6.11.12
• Linux, Kernel 2.6.11.2
• Linux, Kernel 2.6.11.3
• Linux, Kernel 2.6.11.4
• Linux, Kernel 2.6.11.5
• Linux, Kernel 2.6.11.6
• Linux, Kernel 2.6.11.7
• Linux, Kernel 2.6.11.8
• Linux, Kernel 2.6.11.9
• Linux, Kernel 2.6.12 rc6
• Linux, Kernel 2.6.12 rc5
• Linux, Kernel 2.6.12
• Linux, Kernel 2.6.12 rc1
• Linux, Kernel 2.6.12 rc2
• Linux, Kernel 2.6.12 rc3
• Linux, Kernel 2.6.12 rc4
• Linux, Kernel 2.6.12.1
• Linux, Kernel 2.6.12.12
• Linux, Kernel 2.6.12.2
• Linux, Kernel 2.6.12.22
• Linux, Kernel 2.6.12.3
• Linux, Kernel 2.6.12.4
• Linux, Kernel 2.6.12.5
• Linux, Kernel 2.6.12.6
• Linux, Kernel 2.6.13 rc7
• Linux, Kernel 2.6.13 rc6
• Linux, Kernel 2.6.13 rc5
• Linux, Kernel 2.6.13 rc4
• Linux, Kernel 2.6.13 rc3
• Linux, Kernel 2.6.13 rc2
• Linux, Kernel 2.6.13 rc1
• Linux, Kernel 2.6.13
• Linux, Kernel 2.6.13.1
• Linux, Kernel 2.6.13.2
• Linux, Kernel 2.6.13.3
• Linux, Kernel 2.6.13.4
• Linux, Kernel 2.6.13.5
• Linux, Kernel 2.6.14 rc4
• Linux, Kernel 2.6.14 rc5
• Linux, Kernel 2.6.14 rc2
• Linux, Kernel 2.6.14
• Linux, Kernel 2.6.14 rc1
• Linux, Kernel 2.6.14 rc3
• Linux, Kernel 2.6.14.1
• Linux, Kernel 2.6.14.2
• Linux, Kernel 2.6.14.3
• Linux, Kernel 2.6.14.4
• Linux, Kernel 2.6.14.5
• Linux, Kernel 2.6.14.6
• Linux, Kernel 2.6.14.7
• Linux, Kernel 2.6.15 rc4
• Linux, Kernel 2.6.15 rc5
• Linux, Kernel 2.6.15 rc6
• Linux, Kernel 2.6.15 rc7
• Linux, Kernel 2.6.15 rc1
• Linux, Kernel 2.6.15
• Linux, Kernel 2.6.15 rc2
• Linux, Kernel 2.6.15 rc3
• Linux, Kernel 2.6.15.1
• Linux, Kernel 2.6.15.11
• Linux, Kernel 2.6.15.2
• Linux, Kernel 2.6.15.3
• Linux, Kernel 2.6.15.4
• Linux, Kernel 2.6.15.5
• Linux, Kernel 2.6.15.6
• Linux, Kernel 2.6.15.7
• Linux, Kernel 2.6.16 rc3
• Linux, Kernel 2.6.16 rc4
• Linux, Kernel 2.6.16 rc5
• Linux, Kernel 2.6.16 rc6
• Linux, Kernel 2.6.16
• Linux, Kernel 2.6.16 rc7
• Linux, Kernel 2.6.16.1
• Linux, Kernel 2.6.16.10
• Linux, Kernel 2.6.16.11
• Linux, Kernel 2.6.16.12
• Linux, Kernel 2.6.16.2
• Linux, Kernel 2.6.16.3
• Linux, Kernel 2.6.16.4
• Linux, Kernel 2.6.16.5
• Linux, Kernel 2.6.16.6
• Linux, Kernel 2.6.16.7
• Linux, Kernel 2.6.16.8
• Linux, Kernel 2.6.16.9
• Linux, Kernel 2.6.2 rc3
• Linux, Kernel 2.6.2 rc2
• Linux, Kernel 2.6.2 rc1
• Linux, Kernel 2.6.2
• Linux, Kernel 2.6.3 rc3
• Linux, Kernel 2.6.3 rc2
• Linux, Kernel 2.6.3
• Linux, Kernel 2.6.3 rc1
• Linux, Kernel 2.6.3 rc4
• Linux, Kernel 2.6.4 rc3
• Linux, Kernel 2.6.4 rc2
• Linux, Kernel 2.6.4 rc1
• Linux, Kernel 2.6.4
• Linux, Kernel 2.6.5 rc2
• Linux, Kernel 2.6.5 rc3
• Linux, Kernel 2.6.5 rc1
• Linux, Kernel 2.6.5
• Linux, Kernel 2.6.6
• Linux, Kernel 2.6.6 rc1
• Linux, Kernel 2.6.6 rc2
• Linux, Kernel 2.6.6 rc3
• Linux, Kernel 2.6.7
• Linux, Kernel 2.6.7 rc3
• Linux, Kernel 2.6.7 rc1
• Linux, Kernel 2.6.7 rc2
• Linux, Kernel 2.6.8
• Linux, Kernel 2.6.8 rc2
• Linux, Kernel 2.6.8 rc1
• Linux, Kernel 2.6.8 rc3
• Linux, Kernel 2.6.8 rc4
• Linux, Kernel 2.6.8.1
• Linux, Kernel 2.6.9 rc3
• Linux, Kernel 2.6.9 rc2
• Linux, Kernel 2.6.9
• Linux, Kernel 2.6.9 rc1
• Linux, Kernel 2.6.9 rc4
• MandrakeSoft, Mandrake Linux 2006 X86_64
• MandrakeSoft, Mandrake Linux 2006
• Novell, UnitedLinux 1.0
• RedHat, Enterprise Linux 4 Desktop
• RedHat, Enterprise Linux 4 WS
• RedHat, Enterprise Linux 4 AS
• RedHat, Enterprise Linux 4 ES
• SuSE, Linux Enterprise Server 8
• SuSE, Linux Enterprise Server 9
• SuSE, SuSE Linux 10.0
• SuSE, SuSE Linux 9.1
• SuSE, SuSE Linux 9.2
• SuSE, SuSE Linux 9.3
• SuSE, SuSE SLES 9

Remedy:

Upgrade to the latest version of Linux kernel (2.6.16.13 or later), available from The Linux Kernel Archives. See References.

For Red Hat Linux:
Refer to RHSA-2006:0493-6 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux:
Refer to SUSE-SA:2006:028 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Denial of Service

References:

• IBM Systems Support Web site, Support for HMC at https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.Readme.html#MH01110.
• The Linux Kernel Archives, ChangeLog-2.6.16.13 at http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13.
• The Linux Kernel Archives Web site, The Linux Kernel Archives at http://www.kernel.org/.
• ASA-2006-161: kernel security update (RHSA-2006-0493)
• BID-17806: Linux Kernel SCTP-netfilter Remote Denial of Service Vulnerability
• CVE-2006-1527: The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function.
• MDKSA-2006:086: Updated kernel packages fix multiple vulnerabilities
• OSVDB ID: 25229: Linux Kernel SCTP Netfilter Crafted Chunk Size DoS
• RHSA-2006-0493: kernel security update
• SA19926: Linux Kernel Security Bypass and Denial of Service
• SA21745: Avaya Products Linux Kernel Multiple Vulnerabilities
• SUSE-SA:2006:028: various kernel security problems
• USN-302-1: Linux kernel vulnerabilities
• VUPEN/ADV-2006-1632: Linux Kernel for_each_sctp_chunk() Function Denial of Service Vulnerability

Reported:

May 02, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page