Please update USN-752-1's description
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Hi,
http://
please update USN description, because CVE-2009-0065 has published
remote exploit that can get root priviledges.
in USN-752-1 's description said:
> The SCTP stack did not correctly validate FORWARD-TSN packets.
> A remote attacker could send specially crafted SCTP traffic causing
> a system crash, leading to a denial of service. (CVE-2009-0065)
This is old info. Today, CVE-2009-0065 has remote root exploit.
But, this vuln must need loading sctp.ko(=running SCTP application),
in general cases, this exploit does not work for Desktop envs.
see also:
http://
http://
http://
Regards,
Thank you for using Ubuntu and taking the time to report a bug. While you are correct that this issue is more than a DoS, we normally do not update USN text based on new exploit information (it is way too time-consuming and would remain hopelessly out of date). Additionally, while incomplete, the USN currently describes a high impact vulnerability for users of SCTP (a remotely triggerable DoS) which would compel SCTP users to upgrade their kernels anyway.