CVE-2010-3432
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2010-3432 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. This was addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0958.html and https://rhn.redhat.com/errata/RHSA-2010-0842.html. Future updates in Red Hat Enterprise Linux 4 and 5 may address this flaw.
CVSS v2 metrics
| Base Score | 7.8 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| MRG Grid for RHEL 5 Server (kernel-rt) | RHSA-2010:0958 | 2010-12-08 |
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2010:0842 | 2010-11-10 |
| Red Hat Enterprise Linux 4 (kernel) | RHSA-2010:0936 | 2010-12-01 |
| Red Hat Enterprise Linux 5 (kernel) | RHSA-2011:0004 | 2011-01-04 |
Mitigation
For users that do not run applications that use SCTP, you can prevent the sctp module from being loaded by adding the following entry to the end of the /etc/modprobe.d/blacklist file:
blacklist sctp
This way, the sctp module cannot be loaded accidentally, which may occur if an application that requires SCTP is started. A reboot is not necessary for this change to take effect.
CVE description copyright © 2017, The MITRE Corporation