fkie_cve-2008-3526
Vulnerability from fkie_nvd
Published
2008-08-27 20:41
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
References
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=30c2235cbc477d4629983d440cdc4f496fec9246
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
secalert@redhat.comhttp://secunia.com/advisories/31881
secalert@redhat.comhttp://secunia.com/advisories/32190
secalert@redhat.comhttp://secunia.com/advisories/32393
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1636
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:223
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2008/08/26/9
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0857.html
secalert@redhat.comhttp://www.securityfocus.com/bid/30847
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-659-1
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/44723
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=30c2235cbc477d4629983d440cdc4f496fec9246
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31881
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32190
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32393
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1636
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2008/08/26/9
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0857.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/30847
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-659-1
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/44723
Impacted products
Vendor Product Version
linux linux_kernel 2.6.24
linux linux_kernel 2.6.24
linux linux_kernel 2.6.24
linux linux_kernel 2.6.24.1
linux linux_kernel 2.6.24.2
linux linux_kernel 2.6.24.3
linux linux_kernel 2.6.24.4
linux linux_kernel 2.6.24.5
linux linux_kernel 2.6.24.6
linux linux_kernel 2.6.24.7
linux linux_kernel 2.6.24_rc1
linux linux_kernel 2.6.24_rc4
linux linux_kernel 2.6.24_rc5
linux linux_kernel 2.6.25
linux linux_kernel 2.6.25.1
linux linux_kernel 2.6.25.2
linux linux_kernel 2.6.25.3
linux linux_kernel 2.6.25.4
linux linux_kernel 2.6.25.5
linux linux_kernel 2.6.25.6
linux linux_kernel 2.6.25.7
linux linux_kernel 2.6.25.8
linux linux_kernel 2.6.25.9
linux linux_kernel 2.6.25.10
linux linux_kernel 2.6.25.11
linux linux_kernel 2.6.25.12
linux linux_kernel 2.6.25.13
linux linux_kernel 2.6.25.14
linux linux_kernel 2.6.25.15
linux linux_kernel 2.6.26
linux linux_kernel 2.6.26.1
linux linux_kernel 2.6.26.2
linux linux_kernel 2.6.26.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "13673DF5-09B1-40C8-AC54-A447DE8AB01E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9A12DE15-E192-4B90-ADB7-A886B3746DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FF6588E7-F4FA-40F5-8945-FC7B6094376E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52152F5A-1833-4490-A373-9C547B90B0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64A095E-5E97-445E-B435-F09983CC0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8035F93-9DEE-4B92-ABAA-4ABE0B71BF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE92406-DBF3-463E-8A51-F9679E851FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C60D19B-ED9B-443C-9D49-002ABD381119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "264C61EE-64F6-43AD-B54F-7D683C29E64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0149408A-30F6-4EDF-8B3B-CBAB884CE758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3069324C-28FB-4BB6-9451-F3AC6A8DA64C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F3D19AD-4268-45E7-B13D-BC93ABDF2226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24_rc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E619E6-A515-43BC-B371-C1FF6DAA6CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "71295664-89EC-4BB3-9F86-B1DDA20FAC5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37BE853A-BA6F-4A70-B166-E34441F0B7DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "85064FDF-4B62-43BF-B36C-F659D739BC22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEADC505-FF44-4D45-8EA6-B23A1C4564D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CE3C807-5C9B-4B71-868B-DF17ECB1514F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CADAA2-91D2-40C4-90F3-D7F40A3D4CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "45B6847C-873B-4BE1-852D-239115E59BA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF41209E-D27F-4642-A405-90E822A41897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F59FD9-46E5-4F63-80A0-091AD44D1867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "428844A5-E020-4AE9-8012-9AEDFCB7C32E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "94C9D70D-A552-48D6-9497-EE07EB5649D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6169FF-9FF9-4A81-BAEB-6D5132F64F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DC79CF-A504-4232-9F66-B5DCD0213DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "192B4273-0935-4232-BBFD-A850855CAC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "60E9FDA8-7EC3-4B9B-B508-27F948D60DDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E4A6E5-0C2C-42FD-B982-684CCB0DDFBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E45F4429-5A9C-4E8B-96EE-CCF19776CABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFCAF09-BB20-424C-8648-014C0F71F8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A74970C-5EEA-47A7-A62D-AF98F4D1228F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA56669-B09E-42C2-9591-245C46909A2F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en la funci\u00f3n sctp_setsockopt_auth_key de net/sctp/socket.c en la implementaci\u00f3n Stream Control Transmission Protocol (sctp) del kernel de Linux de 2.6.24-rc1 a 2.6.26.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e1nico) o posiblemente tener otro impacto no especificado mediante un campo sca_keylength manipulado asociado con la opci\u00f3n SCTP_AUTH_KEY."
    }
  ],
  "id": "CVE-2008-3526",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-27T20:41:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=30c2235cbc477d4629983d440cdc4f496fec9246"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31881"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32190"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32393"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1636"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:223"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2008/08/26/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/30847"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-659-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=30c2235cbc477d4629983d440cdc4f496fec9246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/08/26/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-659-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44723"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nIt was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html",
      "lastModified": "2009-01-15T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.