Oval Definition:oval:org.opensuse.security:def:20083792
Revision Date:2015-11-16Version:1
Title:CVE-2008-3792
Description:
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2008-3792
Platform(s):openSUSE 11.0
Product(s):
Definition Synopsis
  • suse110 is installed
  • AND Package Information
  • kernel-debug less than 2.6.25.18-0.2
  • OR kernel-default less than 2.6.25.18-0.2
  • OR kernel-docs less than 2.6.25.18-0.2
  • OR kernel-kdump less than 2.6.25.18-0.2
  • OR kernel-pae less than 2.6.25.18-0.2
  • OR kernel-ppc64 less than 2.6.25.18-0.2
  • OR kernel-ps3 less than 2.6.25.18-0.2
  • OR kernel-rt less than 2.6.25.18-0.2
  • OR kernel-rt_debug less than 2.6.25.18-0.2
  • OR kernel-source less than 2.6.25.18-0.2
  • OR kernel-syms less than 2.6.25.18-0.2
  • OR kernel-vanilla less than 2.6.25.18-0.2
  • OR kernel-xen less than 2.6.25.18-0.2
    • BACK