Bug#686962: CVE-2012-3549: kfreebsd SCTP DoS
On Fri, Sep 07, 2012 at 12:17:45PM -0500, Raphael Geissert wrote:
> Package: kfreebsd-8
> Severity: grave
> Tags: security
> Control: clone -1 -2 -3
> Control: reassign -2 src:kfreebsd-9
> Control: reassign -3 src:kfreebsd-10
>
> Hi,
>
> CVE-2012-3549 has been assigned to be a remote DoS (via a NULL pointer
> dereference in the kernel) vulnerability in FreeBSD's SCTP
> implementation[1].
>
> [1] http://www.exploit-db.com/exploits/20226/
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
If no upstream fix is available you might want to disable SCTP in the Wheezy
kernel?
Cheers,
Moritz
Reply to: