Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-0101
HistoryMar 11, 2014 - 12:00 a.m.

CVE-2014-0101

2014-03-1100:00:00
ubuntu.com
ubuntu.com
33

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.918

Percentile

98.9%

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux
kernel through 3.13.6 does not validate certain auth_enable and
auth_capable fields before making an sctp_sf_authenticate call, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and system crash) via an SCTP handshake with a modified INIT
chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.

Bugs

Notes

Author Note
jdstrand android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.918

Percentile

98.9%