Upstream information

CVE-2008-2826 at MITRE

Description

Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

  Base Score: 4.9
  Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
  Access Vector: Local
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Complete

SUSE Bugzilla entry: 402607 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product: SUSE Linux Enterprise Realtime 10 SP2
Fixed package version(s):
  • kernel-rt >= 2.6.22.19-0.16
  • kernel-rt_bigsmp >= 2.6.22.19-0.16
  • kernel-rt_debug >= 2.6.22.19-0.16
  • kernel-rt_timing >= 2.6.22.19-0.16
  • kernel-source >= 2.6.22.19-0.16
  • kernel-syms >= 2.6.22.19-0.16
References:
  • sles10-sp2.x86-64
  • sles10-sp2.x86
  • ZYPP Patch Nr: 5496

Product: SUSE Linux Enterprise Realtime 10 SP2
Fixed package version(s):
  • kernel-rt >= 2.6.22.19-0.16
  • kernel-rt_debug >= 2.6.22.19-0.16
  • kernel-rt_timing >= 2.6.22.19-0.16
  • kernel-source >= 2.6.22.19-0.16
  • kernel-syms >= 2.6.22.19-0.16
References:
  • sles10-sp2.x86-64
  • sles10-sp2.x86
  • ZYPP Patch Nr: 5496

Product: openSUSE 11.0
Fixed package version(s):
  • kernel-debug >= 2.6.25.9-0.2
  • kernel-default >= 2.6.25.9-0.2
  • kernel-docs >= 2.6.25.9-0.2
  • kernel-pae >= 2.6.25.9-0.2
  • kernel-rt >= 2.6.25.9-0.2
  • kernel-source >= 2.6.25.9-0.2
  • kernel-syms >= 2.6.25.9-0.2
  • kernel-vanilla >= 2.6.25.9-0.2
  • kernel-xen >= 2.6.25.9-0.2