Launchpad.net

CVE 2007-2876

The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.

Related bugs and status

CVE-2007-2876 (Candidate) is related to these bugs:

Bug #54621: Kernel panic - not syncing: IO-APIC + timer doesn't work!

		In	Importance	Status
54621	Kernel panic - not syncing: IO-APIC + timer doesn't work!	linux-source-2.6.22 (Ubuntu)	High	Won't Fix
54621	Kernel panic - not syncing: IO-APIC + timer doesn't work!	linux-source-2.6.22 (Baltix)	Undecided	Invalid
54621	Kernel panic - not syncing: IO-APIC + timer doesn't work!	linux (Ubuntu)	Undecided	Fix Released

Bug #85488: some usb_devices fault if usb_suspend enabled

		In	Importance	Status
85488	some usb_devices fault if usb_suspend enabled	sane-backends (Ubuntu)	Medium	Fix Released
85488	some usb_devices fault if usb_suspend enabled	xsane	Undecided	Invalid
85488	some usb_devices fault if usb_suspend enabled	KDE Graphics	Undecided	Invalid
85488	some usb_devices fault if usb_suspend enabled	sane-backends	Medium	Expired
85488	some usb_devices fault if usb_suspend enabled	linux-source-2.6.20 (Ubuntu)	Low	Won't Fix
85488	some usb_devices fault if usb_suspend enabled	Linux	Medium	Fix Released
85488	some usb_devices fault if usb_suspend enabled	linux-source-2.6.20 (Debian)	Unknown	Fix Released
85488	some usb_devices fault if usb_suspend enabled	linux-source-2.6.20 (Baltix)	Undecided	Invalid
85488	some usb_devices fault if usb_suspend enabled	libusb (Ubuntu)	Undecided	Invalid
85488	some usb_devices fault if usb_suspend enabled	linux-source-2.6.22 (Ubuntu)	Medium	Fix Released

Bug #94186: 3c59x - 10/100 NIC fails to link to gigabit switch

		In	Importance	Status
94186	3c59x - 10/100 NIC fails to link to gigabit switch	linux-source-2.6.20 (Ubuntu)	Undecided	Won't Fix
94186	3c59x - 10/100 NIC fails to link to gigabit switch	linux-source-2.6.22 (Ubuntu)	Low	Fix Released
94186	3c59x - 10/100 NIC fails to link to gigabit switch	linux (Ubuntu)	Undecided	Fix Released

Bug #125250: Don't recognise USB Pendrive -> sr0: disc change detected.

		In	Importance	Status
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux-source-2.6.20 (Ubuntu)	Undecided	Won't Fix
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux (Ubuntu)	Medium	Fix Released
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux (Ubuntu Hardy)	Medium	Fix Released
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux-source-2.6.20 (Ubuntu Hardy)	Undecided	Won't Fix
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux (Ubuntu Intrepid)	Medium	Fix Released
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux-source-2.6.20 (Ubuntu Intrepid)	Undecided	Invalid
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux (Ubuntu Jaunty)	Medium	Fix Released
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux-source-2.6.20 (Ubuntu Jaunty)	Undecided	Invalid

Bug #182716: bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.

		In	Importance	Status
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	linux (Ubuntu)	Medium	Fix Released
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	Ubuntu	Undecided	Invalid
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	Linux	Undecided	Invalid
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	linux (Mandriva)	Undecided	New
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	linux-source-2.6.22 (Ubuntu)	Undecided	Won't Fix
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	linux (Baltix)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.kernel.org/...
REDHAT: RHSA-2007:0488
BID: 24376
SUSE: SUSE-SA:2007:043
SECUNIA: 25838
SECUNIA: 25961
UBUNTU: USN-486-1
UBUNTU: USN-489-1
SECUNIA: 26133
SECUNIA: 26139
CONFIRM: http://support.avaya.c...
SECUNIA: 26289
DEBIAN: DSA-1356
SECUNIA: 26450
UBUNTU: USN-510-1
SUSE: SUSE-SA:2007:051
REDHAT: RHSA-2007:0705
SECUNIA: 26760
SECUNIA: 26620
SUSE: SUSE-SA:2007:053
MANDRIVA: MDKSA-2007:171
MANDRIVA: MDKSA-2007:196
SECUNIA: 26664
SECUNIA: 27227
VUPEN: ADV-2007-2105
OSVDB: 37112
MLIST: [linux-kernel] 2007060...
MLIST: [linux-kernel] 2007060...
XF: kernel-sctpnew-dos(34777)
OVAL: oval:org.mitre.oval:de...