Buffer overflow in Linux kernel sctp

Published: 2009-01-07 | Updated: 2024-06-05

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2009-0065
CWE-ID	CWE-119
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU91218

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2009-0065

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to memory corruption within the sctp_sf_eat_fwd_tsn() and sctp_sf_eat_fwd_tsn_fast() functions in net/sctp/sm_statefuns.c. A remote non-authenticated attacker can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
https://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
https://patchwork.ozlabs.org/patch/15024/
https://rhn.redhat.com/errata/RHSA-2009-0264.html
https://secunia.com/advisories/33674
https://secunia.com/advisories/33854
https://secunia.com/advisories/33858
https://secunia.com/advisories/34252
https://secunia.com/advisories/34394
https://secunia.com/advisories/34680
https://secunia.com/advisories/34762
https://secunia.com/advisories/34981
https://secunia.com/advisories/35011
https://secunia.com/advisories/35174
https://secunia.com/advisories/35390
https://secunia.com/advisories/35394
https://secunia.com/advisories/36191
https://support.avaya.com/elmodocs2/security/ASA-2009-114.htm
https://www.debian.org/security/2009/dsa-1749
https://www.debian.org/security/2009/dsa-1787
https://www.debian.org/security/2009/dsa-1794
https://www.openwall.com/lists/oss-security/2009/01/05/1
https://www.redhat.com/support/errata/RHSA-2009-0053.html
https://www.redhat.com/support/errata/RHSA-2009-0331.html
https://www.redhat.com/support/errata/RHSA-2009-1055.html
https://www.securityfocus.com/bid/33113
https://www.securitytracker.com/id?1022698
https://www.ubuntu.com/usn/usn-751-1
https://www.vupen.com/english/advisories/2009/0029
https://www.vupen.com/english/advisories/2009/2193
https://bugzilla.redhat.com/show_bug.cgi?id=478800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10872
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.