Intrusion Prevention

Linux.Kernel.Netfilter.Conntrack.Proto.SCTP.C.DoS

Description

This indicates an attack attempt against a denial-of-service vulnerability in the Linux Kernel.
This vulnerability is due to insufficient checks during the processing
of SCTP packets by the netfilter module, namely those without any Chunk elements. By sending a crafted SCTP packet to a target host, an attacker may exploit this vulnerability to shut down a vulnerable host, thus creating a system-wide denial-of-service condition.

Affected Products

Linux Kernel version 2.6.17.2 and prior.
Linux Kernel version 2.6.16.22 and prior.

Impact

Denial of service

Recommended Actions

Upgrade to Linux Kernel version 2.6.17.3 or 2.6.16.23 :
http://www.kernel.org

CVE References

CVE-2006-2934