CERT-FI Advisory on Linux SCTP INIT message handling

Details

A vulnerability regarding the handling of SCTP INIT chunks has been found in the Linux kernel. The vulnerability allows a remote attacker to cause a Denial of Service by sending single SCTP message containing a malformed INIT chunk to a vulnerable system. The vulnerability affects only systems which have SCTP kernel module loaded and SCTP port listening for connections.

CERT-FI coordinated the remediation effort of the vulnerability.

Vulnerability Coordination Information and Acknowledgements

CERT-FI has coordinated the release of this vulnerability between the vulnerability researcher and the affected vendors. CERT-FI would like to thank Jukka Taimisto and Olli Jarva from the CROSS project at Codenomicon Oy and the vendors for co-operation in the remediation efforts.

Vendor Information

Linux distributions running kernels based on upstream kernel with SCTP support are most probably affected. A git commit (5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809) to fix the vulnerability is available and has been included in linux kernel 2.6.34. Several vendors have also made available packages containing a fix.

Remediation

Install either a fixed version of the Linux kernel or a fixed version of the Linux kernel package provided by your distribution. The vulnerability can additionally be mitigated by disabling SCTP in the kernel or by filtering SCTP traffic.

References

• CVE-2010-1173
• http://www.codenomicon.com/labs/cross
• http://permalink.gmane.org/gmane.linux.debian.user.security.announce/2135
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1173
• http://kbase.redhat.com/faq/docs/DOC-31052
• http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=log;h=66f41d4c5c8a5deed66fdcc84509376c9a0bf9d8
• http://www.codenomicon.com/labs/cross
• http://www.debian.org/security/2010/dsa-2053
  

Contact Information

CERT-FI Vulnerability Coordination can be contacted as follows:

Email:
vulncoord@ficora.fi
Please quote the advisory reference [FICORA #370213] in the subject line

Telephone:
+358 9 6966 510
Monday - Friday 08:00 - 16:15 (EET: UTC+2)

Fax :
+358 9 6966 515

Post:
Vulnerability Coordination
FICORA/CERT-FI
P.O. Box 313
FI-00181 Helsinki
FINLAND

CERT-FI encourages those who wish to communicate via email to make use
of our PGP key. The key is available at

https://www.cert.fi/en/activities/contact/pgp-keys.html

The CERT-FI vulnerability coordination policy can be viewed at

https://www.cert.fi/en/activities/Vulncoord/vulncoord-policy.html.

Revision History:

15 Jun 2010, 15:57 UTC: Published