CVE-2010-1173
published 2010-05-07


Priority: P267 (high)
CVSS 2.0: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 21.31% (97.3th percentile)
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.

Affected

338 ranges · showing 25

Vendor | Product | Version range | Fixed in
linux | linux_kernel | <= 2.6.33.3 |

Detection & IOCs (extracted from sources)

port: 0x1173 (source port used in malformed SCTP INIT exploit)
bytes: \x20\x10\x11\x73\x00\x00\xf4\x00\x00\x05\x00\x05\x20\x10\x11\x73 + (\xc0\xff\x00\x08\xff\xff\xff\xff) * 20
  • Detect malformed SCTP INIT (SCTPChunkInit) packets containing multiple invalid variable-length parameters sent to a listening SCTP port; the exploit sends 20 repeated 8-byte invalid parameter blocks (\xc0\xff\x00\x08\xff\xff\xff\xff) within a single INIT chunk.
  • Alert on SCTP INIT chunks where the cumulative length of variable-length parameters approaches or exceeds the path MTU, which triggers skb_over_panic in sctp_process_unk_param on kernels <= 2.6.33.3.
  • Flag SCTP INIT packets sourced from port 0x1173 (4467) as a strong indicator of the sctp-boom.py exploit tool in use.
  • Vulnerability only exists when SCTP is enabled in the kernel; Linux kernel shipped with RHEL 3 was not affected because it did not include SCTP support.
  • Affected kernel versions are 2.6.33.3 and earlier; fixed in upstream releases 2.6.34, 2.6.33.6, and 2.6.32.16.
  • Exploit requires raw socket access (root privileges) on the attacking machine; the PoC uses libdnet and dpkt Python libraries.
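
The detection bullets above, as an added sensor-side example (not code from this page or from the kernel): it walks the parameters of an SCTP INIT chunk and sums the error data that unrecognised parameters would require. The known-parameter set, the 64-byte threshold and all names are assumptions; the sample packet is constructed.

```python
import struct

INIT = 1
# Parameter types assumed recognised by the receiver (non-exhaustive, chosen for this example).
KNOWN_INIT_PARAMS = {5, 6, 9, 11, 12, 0x8000, 0x8008, 0xC000}
ERROR_BUDGET = 64        # assumed alert threshold for error data, in bytes
TOOL_SRC_PORT = 0x1173   # source port this page associates with the exploit tool

def scan_sctp_packet(pkt: bytes) -> dict:
    """Size the error data that unrecognised INIT parameters would require."""
    r = {"src_port": None, "reportable": 0, "error_bytes": 0, "malformed": False}
    if len(pkt) < 16:                        # 12-byte common header + 4-byte chunk header
        return dict(r, malformed=True)
    r["src_port"] = struct.unpack_from("!H", pkt, 0)[0]
    ctype, _flags, clen = struct.unpack_from("!BBH", pkt, 12)
    if ctype != INIT:
        return r
    end = 12 + clen
    if clen < 20 or end > len(pkt):          # INIT carries 16 bytes of fixed fields
        return dict(r, malformed=True)
    off = 12 + 4 + 16
    while off + 4 <= end:
        ptype, plen = struct.unpack_from("!HH", pkt, off)
        if plen < 4 or off + plen > end:
            r["malformed"] = True
            break
        if ptype not in KNOWN_INIT_PARAMS:
            if ptype & 0x4000:               # "report" bit: parameter is echoed in an error cause
                r["reportable"] += 1
                r["error_bytes"] += 4 + plen # cause header + echoed parameter (estimate)
            if not ptype & 0x8000:           # "stop" semantics: nothing after this is processed
                break
        off += (plen + 3) & ~3               # parameters are padded to 4-byte boundaries
    return r

def alerts(pkt: bytes) -> list:
    r = scan_sctp_packet(pkt)
    big = ["init-error-data"] if r["error_bytes"] > ERROR_BUDGET else []
    port = ["tool-src-port"] if r["src_port"] == TOOL_SRC_PORT and r["reportable"] else []
    return big + port

def build_sample(n_unknown: int, src_port: int = 40000) -> bytes:
    """Constructed input; the checksum is left zero, so this is not a valid on-wire packet."""
    params = struct.pack("!HH4s", 0xC0FF, 8, b"\x00" * 4) * n_unknown
    init = struct.pack("!IIHHI", 1, 0xF400, 5, 5, 1) + params
    chunk = struct.pack("!BBH", INIT, 0, 4 + len(init)) + init
    return struct.pack("!HHII", src_port, 5000, 0, 0) + chunk
```

The error-data rule keys on the parameter structure rather than on the tool's fixed source port, so it still fires when the port indicator is changed.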

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C
vulncheck | | 7.1 | HIGH |
vendor_redhat | | 7.1 | HIGH |
vendor_ubuntu | | 1.2 | LOW |