Metric | Value |
---|---|
CVSS2 | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
EPSS | 0.003 Low |
Percentile | 70.3% |

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through
3.11.1 uses data structures and function calls that do not trigger an
intended configuration of IPsec encryption, which allows remote attackers
to obtain sensitive information by sniffing the network.

Author | Note |
---|---|
jdstrand | requires IPv6 on SCTP IPsec traffic. Per kernel team, too intrusive to backport. |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-57.87 | UNKNOWN |
ubuntu | 12.10 | noarch | linux | < 3.5.0-43.66 | UNKNOWN |
ubuntu | 13.04 | noarch | linux | < 3.8.0-34.49 | UNKNOWN |
ubuntu | 13.10 | noarch | linux | < 3.11.0-13.20 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1628.40 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-armadaxp | < 3.5.0-1624.33 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-43.66~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-raring | < 3.8.0-34.49~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1441.60 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-ti-omap4 | < 3.5.0-235.51 | UNKNOWN |

www.openwall.com/lists/oss-security/2013/09/13
launchpad.net/bugs/cve/CVE-2013-4350
nvd.nist.gov/vuln/detail/CVE-2013-4350
security-tracker.debian.org/tracker/CVE-2013-4350
ubuntu.com/security/notices/USN-2019-1
ubuntu.com/security/notices/USN-2021-1
ubuntu.com/security/notices/USN-2022-1
ubuntu.com/security/notices/USN-2024-1
ubuntu.com/security/notices/USN-2038-1
ubuntu.com/security/notices/USN-2039-1
ubuntu.com/security/notices/USN-2041-1
ubuntu.com/security/notices/USN-2045-1
ubuntu.com/security/notices/USN-2049-1
ubuntu.com/security/notices/USN-2050-1
www.cve.org/CVERecord?id=CVE-2013-4350