CVE-2013-5209

Name of the Vulnerable Software and Affected Versions FreeBSD versions 8.3 through 9.2-PRERELEASE

Description The issue is related to the SCTP implementation in the kernel. It allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks due to improper initialization of the state-cookie data structure in the sctp send initiate ack function.

Recommendations For FreeBSD versions 8.3 through 9.2-PRERELEASE, consider applying a patch that properly initializes the state-cookie data structure in the sctp send initiate ack function to prevent sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.