Lucene search

K

[email protected]NVD:CVE-2014-5077

HistoryAug 01, 2014 - 11:13 a.m.

CVE-2014-5077

2014-08-0111:13:09

CWE-476

[email protected]

web.nvd.nist.gov

3

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.7 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

Affected configurations

NVD

Node

linuxlinux_kernelRange2.6.24–3.2.63

OR

linuxlinux_kernelRange3.3–3.4.103

OR

linuxlinux_kernelRange3.5–3.10.53

OR

linuxlinux_kernelRange3.11–3.12.27

OR

linuxlinux_kernelRange3.13–3.14.17

OR

linuxlinux_kernelRange3.15–3.15.10

Node

suselinux_enterprise_desktopMatch11sp3

OR

suselinux_enterprise_real_time_extensionMatch11sp3

OR

suselinux_enterprise_serverMatch11sp3

OR

suselinux_enterprise_serverMatch11sp3vmware

Node

redhatenterprise_linux_eusMatch6.5

OR

redhatenterprise_linux_server_ausMatch6.2

OR

redhatenterprise_linux_server_ausMatch6.5

OR

redhatenterprise_linux_server_tusMatch6.5

Node

canonicalubuntu_linuxMatch12.04esm

OR

canonicalubuntu_linuxMatch14.04esm

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa

lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

rhn.redhat.com/errata/RHSA-2014-1083.html

rhn.redhat.com/errata/RHSA-2014-1668.html

rhn.redhat.com/errata/RHSA-2014-1763.html

secunia.com/advisories/59777

secunia.com/advisories/60430

secunia.com/advisories/60545

secunia.com/advisories/60564

secunia.com/advisories/60744

secunia.com/advisories/62563

www.openwall.com/lists/oss-security/2014/07/26/1

www.securityfocus.com/bid/68881

www.securitytracker.com/id/1030681

www.ubuntu.com/usn/USN-2334-1

www.ubuntu.com/usn/USN-2335-1

www.ubuntu.com/usn/USN-2358-1

www.ubuntu.com/usn/USN-2359-1

bugzilla.redhat.com/show_bug.cgi?id=1122982

exchange.xforce.ibmcloud.com/vulnerabilities/95134

github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.7 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

Related for NVD:CVE-2014-5077

nessus33 redhat6 veracode4 cvelist1 prion1 cve1 debiancve1 ubuntucve1 openvas52 ubuntu6 securityvulns4 mageia4 oraclelinux5 centos2 osv1 suse5 debian1 fedora22