4.9

CVE-2008-2826

Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.25.9
OpensuseOpensuse Version10.3
OpensuseOpensuse Version11.0
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEdition-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.341
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://secunia.com/advisories/31628
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0585.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
Third Party Advisory
http://secunia.com/advisories/31107
Third Party Advisory
http://www.ubuntu.com/usn/usn-625-1
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
Third Party Advisory
http://secunia.com/advisories/31551
Third Party Advisory
http://www.debian.org/security/2008/dsa-1630
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/32370
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/30901
Third Party Advisory
http://secunia.com/advisories/31202
Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207
Broken Link
https://issues.rpath.com/browse/RPL-2629
Broken Link
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=735ce972fbc8a65fb17788debd7bbe7b4383cc62
http://lwn.net/Articles/287350/
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7
Broken Link
http://www.securityfocus.com/bid/29990
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020514
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2511
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43559
Third Party Advisory
VDB Entry