Does CVE-2009-0065 affect Red Hat Enterprise Linux?


Release Found: Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG

Problem

The flaw identified by CVE-2009-0065 (Red Hat Bugzilla bug 478800) is a buffer overflow in the Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation of the Linux kernel, versions 2.6.28-rc8 and earlier (including 2.6.27.12 and 2.6.28.1). This flaw was addressed via the upstream git commit 9fcb95a1. On systems with PR-SCTP enabled, this flaw could potentially lead to a remote denial of service or arbitrary code execution if a Forward-TSN chunk with a large stream ID is received. Note: An established connection between SCTP endpoints is necessary to exploit this vulnerability.

Solution

This issue has already been fixed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG, via the asynchronous security advisories RHSA-2009:0331, RHSA-2009:0264, and RHSA-2009:0053, respectively. Red Hat Enterprise Linux 2.1 and 3 are not affected. If the required updates are not installed, or if it is not possible to install them at this time, the following workarounds can be used:

For users that run applications that use SCTP, the PR-SCTP extension is enabled in the kernel by default if the sctp loadable kernel module (LKM) is loaded. You can temporarily disable the PR-SCTP extension by running one of the following commands as the root user:

sysctl -w net.sctp.prsctp_enable=0

or

echo 0 > /proc/sys/net/sctp/prsctp_enable

To make permanent changes with these commands, see "How do I make changes to my proc filesystem permanent?"

For users that do not run applications that use SCTP, you can prevent the sctp module from being loaded by adding the following entry to the end of the /etc/modprobe.d/blacklist file:

blacklist sctp

This way, the sctp module cannot be loaded accidentally, which may occur if an application that requires SCTP is started. A reboot is not necessary for this change to take effect.
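
To confirm which of the two workarounds above is in effect on a host, the following added example (not part of the original article or Red Hat tooling) reads the module list, the prsctp_enable setting and the blacklist file. The function names are hypothetical and the file paths are parameters that default to the locations named above; the script checks only the workarounds, not whether the fixed kernel packages are installed.

```shell
#!/bin/sh
# Added example: audit the CVE-2009-0065 workarounds described in this article.
# Every path is a parameter so the checks can also run against copies of the files.

# sctp_loaded [MODULES_FILE]: exit 0 if the sctp module is listed as loaded.
sctp_loaded() {
    grep -q '^sctp ' "${1:-/proc/modules}" 2>/dev/null
}

# sctp_blacklisted FILE...: exit 0 if an uncommented "blacklist sctp" line exists.
sctp_blacklisted() {
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+sctp[[:space:]]*(#.*)?$' "$@"
}

# prsctp_state [SYSCTL_FILE]: prints "disabled", "enabled" or "absent".
prsctp_state() {
    f="${1:-/proc/sys/net/sctp/prsctp_enable}"
    [ -r "$f" ] || { echo absent; return; }
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# audit [MODULES_FILE] [SYSCTL_FILE] [BLACKLIST_FILE]: prints one verdict line.
audit() {
    mods="${1:-/proc/modules}"
    ctl="${2:-/proc/sys/net/sctp/prsctp_enable}"
    bl="${3:-/etc/modprobe.d/blacklist}"
    if sctp_loaded "$mods"; then
        # Module is loaded: only the sysctl workaround protects this host.
        if [ "$(prsctp_state "$ctl")" = disabled ]; then
            echo "workaround active: sctp loaded, PR-SCTP disabled"
        else
            echo "workaround missing: sctp loaded, PR-SCTP not disabled"
        fi
    elif sctp_blacklisted "$bl"; then
        echo "workaround active: sctp not loaded, blacklisted"
    else
        # Not loaded now, but nothing stops the module from being loaded later.
        echo "workaround missing: sctp not loaded, not blacklisted"
    fi
}

audit "$@"
```

A host that reports the module as loaded with the blacklist entry present still depends on the prsctp_enable setting, because the blacklist entry does not unload a module that is already loaded.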
