Security - Base Kernel - SCTP_Null Ptr Deref - ASCONF -need patch
*question:
why is this not under security advisories?
http://www.freebsd.org/security/advisories.html
http://www.securiteam.com/securitynews/5GP381582Q.html
Tue Aug 28 /home/***adm/sctpvulndir
process: root [sctp_iterator]
*title
FreeBSD SCTP NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54797
Vulnerable Systems: Mozilla am4ss??
****
*register for vigilance
http://vigilance.fr/vulnerability/FreeBSD-denial-of-service-via-SCTP-11823
*bulletin altert:
Vigil@nce vulnerability bulletin 11823
*title
FreeBSD: denial of service via SCTP
Synthesis of the vulnerability
A remote attacker can send a special SCTP packet to FreeBSD,
in order to stop the kernel.
Severity: 2/4.
Creation date: 06/08/2012.
*Description of the vulnerability
The SCTP (Stream Control Transmission Protocol) protocol is used to
transfer messages to several recipients. The chunk SCTP ASCONF (Address Configuration
Change, RFC 5061) changes IP addresses. However, if this chunk uses the INADDR_ANY
(all addresses) IPv4 address, the sctp_findassoc_by_vtag() function of the FreeBSD kernel
sets a NULL pointer, which is then dereferenced in sctp_process_control().
******
http://www.leidinger.net/FreeBSD/dox/netinet/html/index.htm
*FreeBSD kernel IPv4 code Documentation
Alias_sctp is part of the SONATA ([6]http://caia.swin.edu.au/urp/sonata)
****
http://www.gossamer-threads.com/lists/openssh/dev/54180
*possible sysctl settings:
*possible sysctl settings analysis:
kern.securelevel: 2
can change the following settings
net.inet.sctp.auto_asconf: 0
net.inet.sctp.auth_disable: 0
net.inet.sctp.asconf_auth_nochk: 0
***
*possible sysctl settings question:
why is sysctl kern.securlevel=2, not strict enough to prevent
SCTP settings change?
****************
thank you for your help, freebsd brothers and sisters.
*question:
why is this not under security advisories?
http://www.freebsd.org/security/advisories.html
http://www.securiteam.com/securitynews/5GP381582Q.html
Tue Aug 28 /home/***adm/sctpvulndir
process: root [sctp_iterator]
*title
FreeBSD SCTP NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54797
Vulnerable Systems: Mozilla am4ss??
****
*register for vigilance
http://vigilance.fr/vulnerability/FreeBSD-denial-of-service-via-SCTP-11823
*bulletin altert:
Vigil@nce vulnerability bulletin 11823
*title
FreeBSD: denial of service via SCTP
Synthesis of the vulnerability
A remote attacker can send a special SCTP packet to FreeBSD,
in order to stop the kernel.
Severity: 2/4.
Creation date: 06/08/2012.
*Description of the vulnerability
The SCTP (Stream Control Transmission Protocol) protocol is used to
transfer messages to several recipients. The chunk SCTP ASCONF (Address Configuration
Change, RFC 5061) changes IP addresses. However, if this chunk uses the INADDR_ANY
(all addresses) IPv4 address, the sctp_findassoc_by_vtag() function of the FreeBSD kernel
sets a NULL pointer, which is then dereferenced in sctp_process_control().
******
http://www.leidinger.net/FreeBSD/dox/netinet/html/index.htm
*FreeBSD kernel IPv4 code Documentation
Alias_sctp is part of the SONATA ([6]http://caia.swin.edu.au/urp/sonata)
****
http://www.gossamer-threads.com/lists/openssh/dev/54180
*possible sysctl settings:
*possible sysctl settings analysis:
kern.securelevel: 2
can change the following settings
net.inet.sctp.auto_asconf: 0
net.inet.sctp.auth_disable: 0
net.inet.sctp.asconf_auth_nochk: 0
***
*possible sysctl settings question:
why is sysctl kern.securlevel=2, not strict enough to prevent
SCTP settings change?
****************
thank you for your help, freebsd brothers and sisters.
