Linux SCTP ICMP Packet Handling Null Dereference Remote DoS

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

It is possible to crash the remote host by sending it malformed ICMP
packets.

Description :

Linux kernels older than version 2.6.13 contain a bug that may allow
an attacker to cause a NULL pointer dereference by sending malformed
ICMP packets, thus resulting in a kernel panic.

This flaw is present only if SCTP support is enabled on the remote
host.

An attacker can use this to make this host crash continuously, thus
preventing legitimate users from using it.

See also :

http://oss.sgi.com/projects/netdev/archive/2005-07/msg00140.html

Solution :

Ugprade to Linux 2.6.13 or newer, or disable SCTP support.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Denial of Service

Nessus Plugin ID: 19777 (linux_icmp_sctp_DoS.nasl)

Bugtraq ID:

CVE ID: