{
  "threat_severity" : "Important",
  "public_date" : "2010-04-28T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set",
    "id" : "695383",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695383"
  },
  "cvss" : {
    "cvss_base_score" : "5.4",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data." ],
  "statement" : "This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not support SCTP authentication and extended parameters. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the upstream commit a8170c35 that addressed this. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-0498.html.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2011-07-15T00:00:00Z",
    "advisory" : "RHSA-2011:0927",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-238.19.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-10T00:00:00Z",
    "advisory" : "RHSA-2011:0498",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-71.29.1.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-1573\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1573" ],
  "name" : "CVE-2011-1573",
  "csaw" : false
}