Vulnerability Description
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 2.6.27 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
- http://patchwork.ozlabs.org/patch/15024/
- http://rhn.redhat.com/errata/RHSA-2009-0264.html
- http://secunia.com/advisories/33674
- http://secunia.com/advisories/33854
- http://secunia.com/advisories/33858
- http://secunia.com/advisories/34252
- http://secunia.com/advisories/34394
- http://secunia.com/advisories/34680
- http://secunia.com/advisories/34762
- http://secunia.com/advisories/34981
FAQ
What is CVE-2009-0065?
CVE-2009-0065 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact vi...
How severe is CVE-2009-0065?
CVE-2009-0065 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0065?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.