Check Point Advisories

Linux Kernel DCCP Protocol Handler dccp_setsockopt_change Integer Overflow (CVE-2008-3276)

Vulnerability
Protection

Check Point Reference:	CPAI-2008-405
Date Published:	14 Jul 2010
Severity:	High
Last Updated:	Tuesday 10 November, 2015
Source:
Industry Reference:	CVE-2008-3276
Protection Provided by:	Security Gateway R77, R75
Who is Vulnerable?
Vulnerability Description	Linux is a popular open-source operating system in which the kernel and other programs related to the operating systems are developed by a group of volunteers. The Linux kernel supports a great number of features, including networking, file system and graphics protocols and standards. Along with established and mature standards, the operating systems supports a large number of new and experimental protocols, such as DCCP. There exists an integer overflow vulnerability in the Datagram Congestion Control Protocol (DCCP) stack in Linux kernel. The flaw is due to lack of data validation when parsing DCCP datagrams. An unauthenticated remote attacker may leverage this vulnerability to raise a denial of service condition on the target system. In a successful attack case scenario, kernel panic will occur due to memory corruption and cause a Denial of Service condition for all services provided by the target.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R77 / R75

In the IPS tab, click Protections and find the Linux Kernel DCCP Protocol Handler dccp_setsockopt_change Integer Overflow protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: ICMP Protocol Violation.