CVE-2004-2013

Name of the Vulnerable Software and Affected Versions Linux kernel versions 2.4.25 and earlier

Description The issue is related to an integer overflow in the SCTP SOCKOPT DEBUG NAME SCTP socket option in socket.c. This overflow allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory.

Recommendations For Linux kernel versions 2.4.25 and earlier, consider upgrading to a newer version to resolve the issue. As a temporary workaround, consider restricting access to the SCTP SOCKOPT DEBUG NAME socket option to minimize the risk of exploitation. Avoid using an optlen value of -1 in the affected socket option until the issue is resolved.