SOL15317 - Linux kernel vulnerability CVE-2014-0101

2014-06-0500:00:00

support.f5.com

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.928 High

EPSS

Percentile

98.8%

JSON

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. (CVE-2014-0101)

CPENameOperatorVersion
big-iq securityle4.5.0
big-ip ltmle11.5.3
big-ip edge gatewayle11.3.0
big-ip webacceleratorle11.3.0
big-ip analyticsle11.5.3
big-ip link controllerle11.5.3
big-ip psmle11.4.1
enterprise managerle3.1.1
big-ip aamle11.5.3
big-iq cloudle4.5.0

Name	Operator	Version
big-iq security	le	4.5.0
big-ip ltm	le	11.5.3
big-ip edge gateway	le	11.3.0
big-ip webaccelerator	le	11.3.0
big-ip analytics	le	11.5.3
big-ip link controller	le	11.5.3
big-ip psm	le	11.4.1
enterprise manager	le	3.1.1
big-ip aam	le	11.5.3
big-iq cloud	le	4.5.0