# Security - Base Kernel - SCTP_Null Ptr Deref - ASCONF -need patch



## workoblue (Aug 28, 2012)

Security - Base Kernel - SCTP_Null Ptr Deref - ASCONF -need patch
*question:
    why is this not under security advisories?
http://www.freebsd.org/security/advisories.html
http://www.securiteam.com/securitynews/5GP381582Q.html
Tue Aug 28 /home/***adm/sctpvulndir
process: root [sctp_iterator]
*title
	FreeBSD SCTP NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54797
Vulnerable Systems: Mozilla am4ss??
****
*register for vigilance
http://vigilance.fr/vulnerability/FreeBSD-denial-of-service-via-SCTP-11823
*bulletin altert:
	Vigil@nce  vulnerability bulletin 11823
*title
	FreeBSD: denial of service via SCTP
Synthesis of the vulnerability
    A remote attacker can send a special SCTP packet to FreeBSD, 
    in order to stop the kernel.
Severity: 2/4.
Creation date: 06/08/2012.
*Description of the vulnerability
    The SCTP (Stream Control Transmission Protocol) protocol is used to 
transfer messages to several recipients.  The chunk SCTP ASCONF (Address Configuration 
Change, RFC 5061) changes IP addresses. However, if this chunk uses the INADDR_ANY 
(all addresses) IPv4 address, the sctp_findassoc_by_vtag() function of the FreeBSD kernel 
sets a NULL pointer, which is then dereferenced in sctp_process_control().
******
http://www.leidinger.net/FreeBSD/dox/netinet/html/index.htm
*FreeBSD kernel IPv4 code Documentation
   Alias_sctp is part of the SONATA ([6]http://caia.swin.edu.au/urp/sonata)
****
http://www.gossamer-threads.com/lists/openssh/dev/54180
*possible sysctl settings:
*possible sysctl settings analysis:
    kern.securelevel: 2
    can change the following settings
net.inet.sctp.auto_asconf: 0
net.inet.sctp.auth_disable: 0
net.inet.sctp.asconf_auth_nochk: 0
***
*possible sysctl settings question:
    why is sysctl kern.securlevel=2, not strict enough to prevent
SCTP settings change?
****************

thank you for your help, freebsd brothers and sisters.


----------



## SirDice (Aug 28, 2012)

workoblue said:
			
		

> Security - Base Kernel - SCTP_Null Ptr Deref - ASCONF -need patch
> *question:
> why is this not under security advisories?
> http://www.freebsd.org/security/advisories.html
> http://www.securiteam.com/securitynews/5GP381582Q.html


I suggest contacting the security team. 

http://www.freebsd.org/security/#how


----------

