There appears to be a serious vulnerability in Linux kernel versions < 2.6.28-git8. This was reported in many places as a potential denial-of-service issue, but it now appears to be more serious than that.

This site over at blogspot.com posted exploit code that supposedly allows an attacker to gain root privileges on machines running SCTP applications. If you’re running anything that uses the SCTP protocol, this would be a good time to upgrade. Make sure you keep up to date with future updates as well; according to several people, there are more possible weaknesses in the SCTP code.

Please note that the vulnerability is in the Linux kernel, so anyone running SCTP applications is vulnerable until they have upgraded their kernel to a more recent version. Fortunately, there are not many applications using SCTP yet. For more information about the protocol, see Wikipedia or the relevant RFC.
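A host check for the advice above, as an added example that is not part of the original post: it reports whether the running kernel's release string is below 2.6.28-git8 and whether SCTP is active on the machine. The function names and verdict strings are made up for this example, and the comparison reads only the upstream release string, so distribution kernels with backported fixes must be checked against the vendor's advisory instead.

```shell
#!/bin/sh
# Added example: exposure check for the SCTP kernel issue described above.

# kernel_affected RELEASE
# Succeeds if an upstream release string (as from `uname -r`) is below
# 2.6.28-git8. Assumption: 2.6.28 itself, its -rc builds and 2.6.28.y are
# treated as affected, since the post only names 2.6.28-git8 as the boundary.
kernel_affected() {
    rel=$1
    base=${rel%%-*}            # "2.6.28-git7" -> "2.6.28"
    suffix=${rel#"$base"}      # "-git7", "-generic", or empty
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    maj=${1%%[!0-9]*}; min=${2%%[!0-9]*}; pat=${3%%[!0-9]*}
    v=$(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
    [ "$v" -lt 2006028 ] && return 0
    [ "$v" -gt 2006028 ] && return 1
    case $suffix in
        -git[0-9]*) n=${suffix#-git}; n=${n%%[!0-9]*}; [ "$n" -lt 8 ] ;;
        *) return 0 ;;
    esac
}

# sctp_loaded [MODULES_FILE] [PROC_DIR]
# Succeeds if SCTP is active: its /proc directory exists (module or built-in)
# or the module appears in a /proc/modules-format file.
sctp_loaded() {
    [ -d "${2:-/proc/net/sctp}" ] ||
        grep -q '^sctp ' "${1:-/proc/modules}" 2>/dev/null
}

# sctp_exposure RELEASE [MODULES_FILE] [PROC_DIR]
# Prints one verdict string (names chosen for this example).
sctp_exposure() {
    if ! kernel_affected "$1"; then
        echo "kernel-not-affected"
    elif sctp_loaded "$2" "$3"; then
        echo "affected-sctp-loaded"          # upgrade the kernel first
    else
        # The module may still be loaded on demand; upgrading is still needed.
        echo "affected-sctp-not-loaded"
    fi
}

sctp_exposure "$(uname -r)"
```

The optional file arguments let the same functions run against a saved copy of `/proc/modules` collected from another machine.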

[Figure: SCTP packet structure]