Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 up to and including 2.6.33 allows remote malicious users to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel 2.6.11 |
||
linux linux kernel |
||
redhat enterprise mrg 1.0 |
||
vmware esx 4.1 |
||
vmware esx 4.0 |