This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. This was addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0958.html and https://rhn.redhat.com/errata/RHSA-2010-0842.html. Future updates in Red Hat Enterprise Linux 4 and 5 may address this flaw.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
|MRG Grid for RHEL 5 Server (kernel-rt)||RHSA-2010:0958||2010-12-08|
|Red Hat Enterprise Linux 6 (kernel)||RHSA-2010:0842||2010-11-10|
|Red Hat Enterprise Linux 4 (kernel)||RHSA-2010:0936||2010-12-01|
|Red Hat Enterprise Linux 5 (kernel)||RHSA-2011:0004||2011-01-04|
For users that do not run applications that use SCTP, you can prevent the sctp module from being loaded by adding the following entry to the end of the /etc/modprobe.d/blacklist file:
This way, the sctp module cannot be loaded accidentally, which may occur if an application that requires SCTP is started. A reboot is not necessary for this change to take effect.
CVE description copyright © 2017, The MITRE Corporation