Severity: Unknown
Affected Package: kernel
Summary: Kernel memory disclosure via uninitialized SCTP state cookie
When initializing the SCTP state cookie sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely zeroed, so padding bytes remain uninitialized. This uninitialized kernel memory is placed on the wire and can disclose sensitive data to a remote peer. Systems not using SCTP are unaffected. Patch obtained from FreeBSD.
No specific recommendations provided.
Aliases: CVE-2013-5209
Published: August 22, 2013
Last Modified: August 22, 2013