On 10/10/2014 12:04 PM, Joshua Kinard wrote: ...
If I am reading correctly, this crash can only be triggered by actually getting through the SCTP handshake, then sending this specially-crafted ASCONF chunk? Meaning a blind nmap scan using this tactic against a random netblock wouldn't just randomly knock servers offline? This would seem to reduce the attack surface quite a bit by requiring the remote endpoint to actually respond.
Sorry, have been on travel almost the whole day ... yes, handshake has to be completed before that. So a scan/probe would need to establish a connection first and ASCONF would need to be supported.
Is there a CVE # for this?
CVE-2014-3673