Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
Linux Kernel 2.6.25.3
Linux Kernel 2.6.24.4
Linux Kernel 2.6.26.1
Linux Kernel 2.6.25.2
Linux Kernel 2.6.24.3
Linux Kernel 2.6.25.1
Linux Kernel 2.6.24.2
Linux Kernel 2.6.24.1
Linux Kernel 2.6.24 Release Candidate 2
Linux Kernel 2.6.24 Release Candidate 3
Linux Linux kernel 2.6.24 rc4 (not an official CPE)
Linux Kernel 2.6.24
Linux Kernel 2.6.25
Linux Linux kernel 2.6.24 rc5 (not an official CPE)
Linux Kernel 2.6.25.14
Linux Kernel 2.6.25.15
Linux Kernel 2.6.25.12
Linux Kernel 2.6.25.13
Linux Kernel 2.6.25.10
Linux Kernel 2.6.25.11
Linux Kernel 2.6.26
Linux Linux kernel 2.6.24 rc1 (not an official CPE)
Linux Kernel 2.6.25.9
Linux Kernel 2.6.25.8
Linux Kernel 2.6.25.7
Linux Kernel 2.6.26.2
Linux Kernel 2.6.24.5
Linux Kernel 2.6.25.4
Linux Kernel 2.6.26.3
Linux Kernel 2.6.24.6
Linux Kernel 2.6.25.5
Linux Kernel 2.6.24.7
Linux Kernel 2.6.25.6