440 matches found
PT-2014-8434 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.18 Description: The issue generates incorrect conntrack entries during the handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols. This allows remote attackers to bypass intende...
kernel: net: sctp: remote memory pressure from excessive queueing
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...
DEBIAN-CVE-2014-3688
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service memory consumption by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/smstatefuns.c...
UBUNTU-CVE-2014-7841
The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...
DEBIAN-CVE-2014-3673
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to net/sctp/smmakechunk.c and net/sctp/smstatefuns.c...
UBUNTU-CVE-2014-3673
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to net/sctp/smmakechunk.c and net/sctp/smstatefuns.c...
UBUNTU-CVE-2014-3687
The sctpassoclookupasconfack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service panic via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter...
Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system...
UBUNTU-CVE-2014-3688
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service memory consumption by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/smstatefuns.c...
Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system...
Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system...
kernel: sctp: sk_ack_backlog wrap-around problem
An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation processed certain COOKIEECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...
Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system...
Updated kernel-linus package fixes security vulnerabilities
Updated kernel-linus provides upstream 3.12.26 kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...
kernel: sctp: sk_ack_backlog wrap-around problem
An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation processed certain COOKIEECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...
Updated kernel packages fix security vulnerabilities
This kernel update provides the upstream 3.10.50 longterm kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...
MGASA-2014-0316 Updated kernel packages fix security vulnerabilities
This kernel update provides the upstream 3.12.25 longterm kernel and fixes the following security issues: Array index error in the aioreadeventsring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value...
DEBIAN-CVE-2014-5077
The sctpassocupdate function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and OOPS by starting to establish an association between two endpoints immediately after an...
UBUNTU-CVE-2014-5077
The sctpassocupdate function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and OOPS by starting to establish an association between two endpoints immediately after an...
kernel: sctp: sk_ack_backlog wrap-around problem
An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation processed certain COOKIEECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...