Linux SCTP ECNE Chunk Handling Remote DoS
High Nessus Plugin ID 21560
Synopsis
It is possible to crash the remote host by sending it an SCTP packet.
Description
There is a flaw in the SCTP code included in Linux kernel versions
2.6.16.x that results in a kernel panic when an SCTP packet with an
unexpected ECNE chunk is received in a CLOSED state. An attacker can
leverage this flaw to crash the remote host with a single, possibly
Solution
Upgrade to Linux kernel version 2.6.17 or later.