Friday, May 8, 2009

Scanning & Monitoring For SCTP

Via Tenable Security Blog -

When vulnerabilities are discovered, they are classified by various organizations using different methods. For example, CVSS scoring uses an algorithm to determine a severity rating from 1 to 10. This rating has been adopted by the NVD (National Vulnerability Database) and is used by Tenable to provide scores within the Nessus plugins. Sometimes a vulnerability is announced and its original rating is set as moderate or low. This is frequently the case with Denial of Service (DoS) vulnerabilities as they allow an attacker to disrupt services but not gain remote access to the system. However, sometimes an advisory describes a vulnerability that seems to only cause DoS conditions, but is really an indicator of a condition that may permit remote code execution. This discrepancy typically occurs because the researcher does not fully understand or does not diagnose the underlying problem.

This is the case with CVE-2009-0065, a buffer overflow in the Linux kernel code that handles the Stream Control Transmission Protocol (SCTP). It was originally published and treated as a DoS condition but, after additional investigation, a researcher published details on leveraging it for remote code execution.


For some background on SCTP, check out this article.
