439 matches found
DEBIAN-CVE-2015-5283
The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service panic or memory corruption by creating SCTP sockets before all of the steps have finished...
kernel: SCTP race condition allows list corruption and panic from userlevel
A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change ASCONF. A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a...
USN-2717-1 linux-lts-utopic vulnerability
Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change ASCONF options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service system crash...
kernel: net: slab corruption from use after free on INIT collisions
A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system...
USN-2563-1 linux vulnerabilities
Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP Stream Control Transmission Protocol subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges on the system. CVE-2015-1421...
kernel: net: slab corruption from use after free on INIT collisions
A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system...
kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change ASCONF. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system...
kernel: iptables restriction bypass if a protocol handler kernel module not loaded
A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol SCTP case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking...
kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled malformed Address Configuration Change Chunks ASCONF. A remote attacker could use either of these flaws to crash the system...
kernel: net: sctp: remote memory pressure from excessive queueing
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...
kernel: net: sctp: fix panic on duplicate ASCONF chunks
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled duplicate Address Configuration Change Chunks ASCONF. A remote attacker could use either of these flaws to crash the system...
CVE-2014-8612
Multiple array index errors in the Stream Control Transmission Protocol SCTP module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to 1 gain privileges via the stream id to the setsockopt function, when setting the SCTIPSSVALUE option, or 2 read...
kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet
A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change ASCONF. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system...
kernel: net: sctp: remote memory pressure from excessive queueing
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...
kernel: net: sctp: fix panic on duplicate ASCONF chunks
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled duplicate Address Configuration Change Chunks ASCONF. A remote attacker could use either of these flaws to crash the system...
kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled malformed Address Configuration Change Chunks ASCONF. A remote attacker could use either of these flaws to crash the system...
kernel: net: sctp: fix panic on duplicate ASCONF chunks
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled duplicate Address Configuration Change Chunks ASCONF. A remote attacker could use either of these flaws to crash the system...
kernel: net: sctp: remote memory pressure from excessive queueing
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...
kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled malformed Address Configuration Change Chunks ASCONF. A remote attacker could use either of these flaws to crash the system...
PT-2014-8434 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.18 Description: The issue generates incorrect conntrack entries during the handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols. This allows remote attackers to bypass intende...