Vulnerability DatabaseCVE-2008-4576
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2008-4576
October 15, 2008
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
Related Resources (27)
http://www.ubuntu.com/usn/usn-679-1
http://secunia.com/advisories/33180
http://www.debian.org/security/2008/dsa-1681
http://permalink.gmane.org/gmane.comp.security.oss.general/1039
http://www.gossamer-threads.com/lists/linux/kernel/981012?page=last
http://secunia.com/advisories/33586
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9822
http://secunia.com/advisories/33182
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.27-rc6-git6.log
http://www.securityfocus.com/bid/31634
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html
http://secunia.com/advisories/32386
http://www.redhat.com/support/errata/RHSA-2008-1017.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
http://secunia.com/advisories/32759
https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4576
http://www.redhat.com/support/errata/RHSA-2009-0009.html
https://access.redhat.com/security/cve/CVE-2008-4576
http://secunia.com/advisories/32998
http://secunia.com/advisories/32918
http://www.debian.org/security/2008/dsa-1687
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.18
http://secunia.com/advisories/32370
https://exchange.xforce.ibmcloud.com/vulnerabilities/45773
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
CVSS v2
Base Score:
7.8
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Authentication
CWE-287
EPSS
Base Score:
4.82