The flaw identified by CVE-2010-1173 (Red Hat Bugzilla bug 584645) is an issue in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel, version 2.6.0 and later. This flaw will be addressed in the upstream Linux kernel soon. On systems with SCTP enabled, it could potentially lead to a remote denial of service if the SCTP listening port receives a malformed INIT chunk packet.
This issue has been rated as having important security impact by the Red Hat Security Response Team.
- Red Hat Enterprise Linux 4
- Red Hat Enterprise Linux 5
- Red Hat Enterprise MRG
This issue has been fixed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via the Red Hat Security Advisories RHSA-2010:0474, RHSA-2010:0504, and RHSA-2010:0631 respectively. Red Hat Enterprise Linux 3 is not affected as it does not include support for SCTP. Before updates are installed, the workaround below can be applied to help reduce the risk of this issue.
If you do not run applications that use SCTP, you can prevent the sctp module from being loaded by adding the following entry to the end of the
This way, the sctp module cannot be loaded accidentally, which may occur if an application that requires SCTP is started. A reboot is not necessary for this change to take effect.
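A check for verifying the workaround, added here as an example and not part of the Red Hat article: it reports whether sctp is currently loaded and whether a modprobe configuration file carries an active install override for it. The article's own entry and file name are not reproduced on this page, so the standard modprobe "install <module> <command>" syntax and the paths /etc/modprobe.conf and /etc/modprobe.d/* are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the sctp module workaround on a host.
# Assumption: the override uses modprobe's standard "install sctp <command>" form.
# File paths are parameters so the functions can be run on constructed input.

# sctp_loaded MODULES_FILE
# Succeeds if "sctp" is the module name on a line of a /proc/modules-format file.
# (A line where sctp only appears as a dependency of another module is ignored.)
sctp_loaded() {
    awk '$1 == "sctp" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# sctp_install_override FILE...
# Succeeds if any existing file has an uncommented "install sctp <command>" line.
sctp_install_override() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        if awk '$1 == "install" && $2 == "sctp" && NF >= 3 { found = 1 }
                END { exit !found }' "$f"; then
            return 0
        fi
    done
    return 1
}

# sctp_status MODULES_FILE CONF_FILE...
# Prints "<loaded|not-loaded>,<override|no-override>".
sctp_status() {
    modules=$1; shift
    if sctp_loaded "$modules"; then loaded=loaded; else loaded=not-loaded; fi
    if sctp_install_override "$@"; then over=override; else over=no-override; fi
    echo "$loaded,$over"
}

# Report for the local host (paths are assumptions, see above).
sctp_status /proc/modules /etc/modprobe.conf /etc/modprobe.d/*
```

A result of "loaded,override" means the override is in place but a copy of the module loaded earlier is still resident; the override only affects later load attempts.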
If you require assistance with mitigating this issue, or would like to request a hotfix, please contact Red Hat support.
Update 16th June 2010: This article has been updated to reflect the release of the Red Hat Security Advisory RHSA-2010:0474, which fixes the CVE-2010-1173 issue in Red Hat Enterprise Linux 4.
Update 2nd July 2010: This article has been updated to reflect the release of the Red Hat Security Advisory RHSA-2010:0504, which fixes the CVE-2010-1173 issue in Red Hat Enterprise Linux 5.
Update 19th August 2010: This article has been updated to reflect the release of the Red Hat Security Advisory RHSA-2010:0631, which fixes the CVE-2010-1173 issue in Red Hat Enterprise MRG.