
exploitDog


CVE-2014-3687

Published: 09 Oct 2014
Source: redhat
CVSS2: 7.1

Description

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.

Report

This issue does affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG. Future Linux kernel updates for the respective releases will address this issue.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise MRG 2 | realtime-kernel | Affected | | |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2014:1997 | 16.12.2014 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | kernel | Fixed | RHSA-2015:0115 | 03.02.2015 |
| Red Hat Enterprise Linux 6.4 Extended Update Support | kernel | Fixed | RHSA-2015:0043 | 13.01.2015 |
| Red Hat Enterprise Linux 6.5 Extended Update Support | kernel | Fixed | RHSA-2015:0062 | 20.01.2015 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2014:1971 | 09.12.2014 |


Additional information

Status: Important

https://bugzilla.redhat.com/show_bug.cgi?id=1155731
kernel: net: sctp: fix panic on duplicate ASCONF chunks

CVSS2: 7.1 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 11 years ago

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

CVSS3: 7.5
nvd
almost 11 years ago

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

CVSS3: 7.5
debian
almost 11 years ago

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in t ...

CVSS3: 7.5
github
about 3 years ago

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

oracle-oval
more than 10 years ago

ELSA-2014-3089: Unbreakable Enterprise kernel security update (IMPORTANT)
