It's not every day you see a remote code execution exploit of a transport layer protocol, and what OS do you think people are going to be toying around with SCTP on... Linux. This is serious.
Simply because a vulnerability in the transport layer results in every service relying on that protocol being vulnerable? Are you saying that a remote code execution vulnerability in TCP would not be worse than one in, for instance, FTP?
(I am aware of your credentials so I'm trying to figure out what I'm missing, not trying to be snippy)
Ok. Fair point. TCP would be worse than FTP, because you could hit it from ports 21, 22, 80, and 443.
FTP would be far worse than SCTP, because you're much more likely to be using it.
I'll admit, my mind jumped immediately to "vulnerability in the kernel! much worse than vulnerability in a web server!", which is exactly the wrong way to think about the problem --- once you've conceded code execution to an attacker, you've conceded the box.
Maybe that wasn't his argument. Thanks for calling me out on that.
Either way, the Linux advisory he cited should have absolutely no impact on your consideration of SCTP.
edit: needed to review the OSI model.