ID de Prueba:	1.3.6.1.4.1.25623.1.0.800036
Categoría:	Denial of Service
Título:	Linux Kernel Stream Control Transmission Protocol Violation Vulnerability
Resumen:	This host has Linux Kernel Stream Control Transmission Protocol; (SCTP) implementation and is prone to Protocol Violation Vulnerability.
Descripción:	Summary: This host has Linux Kernel Stream Control Transmission Protocol (SCTP) implementation and is prone to Protocol Violation Vulnerability. Vulnerability Insight: The issue is with the parameter 'sctp_paramhdr' in sctp_sf_violation_paramlen, sctp_sf_abort_violation, and sctp_make_abort_violation functions of sm.h, sm_make_chunk.c, and sm_statefunc.c files, which has invalid length and incorrect data types in function calls. Vulnerability Impact: Successful attacks will result in denial of service via kernel related vectors. Affected Software/OS: Linux kernel version before 2.6.27 on all Linux Platforms. Solution: Upgrade to Linux kernel 2.6.27, or apply the available patch from the referenced link. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4618 BugTraq ID: 31848 http://www.securityfocus.com/bid/31848 Debian Security Information: DSA-1681 (Google Search) http://www.debian.org/security/2008/dsa-1681 http://www.openwall.com/lists/oss-security/2008/10/06/1 http://www.redhat.com/support/errata/RHSA-2009-0009.html http://secunia.com/advisories/32918 http://secunia.com/advisories/32998 http://secunia.com/advisories/33586 SuSE Security Announcement: SUSE-SA:2008:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html http://www.ubuntu.com/usn/usn-679-1
Copyright	Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.