Critical Linux Kernel Vulnerability
 |
 |
 |
 |
 |
A critical buffer overflow vulnerability exists in the Linux Kernel Organization's Linux kernel prior to 2.6.34-rc6. A remote attacker may exploit this vulnerability to cause a DoS against or remote code execution on an affected system.
Linux is a popular open-source operating system in which the kernel and other programs related to the operating systems are developed by a group of volunteers. The Linux network protocol stack provides support for Stream Control Transmission Protocol (SCTP), an alternative or compliment to layer 4 protocols such as TCP and UDP. The vulnerability is due to a boundary error in the "sctp_process_unk_param()" function code in the Linux Kernel when handling an "INIT" chunk with multiple malformed parameters. A remote attacker could exploit this issue via a malformed chunk. Successful exploitation would cause a memory overflow that could lead to a system panic resulting in a denial of service condition, or allow the attacker to execute arbitrary code on the affected system.
Check Point provides immediate protection against this vulnerability through its integrated IPS offerings. The Check Point IPS Software Blade detects and blocks attempts to exploit this vulnerability. For more information, see CPAI-2010-077.