A BOF in the Stream Control Transmission Protocol (SCTP)

A vulnerability has been published in the SCTP protocol, which is widely used in the following systems that are used in some SCADA/DCS implementations:
* AIX Version 5
* Generic BSD with external patch at KAME project
* Cisco IOS 12
* DragonFly BSD since version 1.4
* FreeBSD, version 7 and above
* HP-UX, 11i v2 and above
* Linux 2.4/2.6
* QNX Neutrino Realtime OS, 6.3.0 and above
* Sun Solaris 10

The buffer overflow vulnerability (leading to DoS) results from a failure to validate the FWD-TSN packet. “The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065)”. You can read more about the exploit and download the attack code in C here. Thanks to http://kernelbof.blogspot.com/
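To make "validating the FWD-TSN packet" concrete, here is an added example (not code from this post, the linked blog, or any of the listed stacks) of the receive-side checks for a FORWARD-TSN chunk. It assumes the chunk layout from RFC 3758 and a receiver that indexes per-stream state by the stream id carried in the chunk; `validate_fwd_tsn`, the result codes and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

/* FORWARD-TSN chunk layout per RFC 3758: type(1)=192, flags(1), length(2),
 * new cumulative TSN(4), then zero or more {stream(2), stream seq(2)}. */
#define FWD_TSN_TYPE 192u
#define FWD_TSN_HDR  8u

enum fwd_tsn_result { FWD_OK = 0, FWD_TRUNCATED, FWD_BAD_TYPE,
                      FWD_BAD_LENGTH, FWD_BAD_STREAM };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate one chunk before any stream id is used as an index into
 * per-stream receive state. inbound_streams is the count negotiated for
 * the association (assumed to be known to the caller). */
enum fwd_tsn_result validate_fwd_tsn(const uint8_t *chunk, size_t avail,
                                     uint16_t inbound_streams)
{
    if (avail < FWD_TSN_HDR)
        return FWD_TRUNCATED;
    if (chunk[0] != FWD_TSN_TYPE)
        return FWD_BAD_TYPE;

    size_t len = be16(chunk + 2);
    /* Declared length must cover the header, fit in the received bytes,
     * and leave a whole number of 4-byte stream entries. */
    if (len < FWD_TSN_HDR || len > avail || (len - FWD_TSN_HDR) % 4 != 0)
        return FWD_BAD_LENGTH;

    for (size_t off = FWD_TSN_HDR; off < len; off += 4) {
        /* The stream id is peer-controlled: bound it before indexing. */
        if (be16(chunk + off) >= inbound_streams)
            return FWD_BAD_STREAM;
    }
    return FWD_OK;
}

/* Constructed sample: one entry, stream 3, stream sequence 7. */
static const uint8_t sample_chunk[12] = {
    192, 0, 0, 12,  0, 0, 0, 100,  0, 3, 0, 7
};

int main(void)
{
    /* Accepted with 10 inbound streams, rejected with only 2. */
    return validate_fwd_tsn(sample_chunk, sizeof sample_chunk, 10) == FWD_OK &&
           validate_fwd_tsn(sample_chunk, sizeof sample_chunk, 2) == FWD_BAD_STREAM ? 0 : 1;
}
```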
