Описание
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.
Отчет
This issue does affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG. Future Linux kernel updates for the respective releases will address this issue.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | kernel | Not affected | ||
Red Hat Enterprise MRG 2 | realtime-kernel | Affected | ||
Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2014:1997 | 16.12.2014 |
Red Hat Enterprise Linux 6.2 Advanced Update Support | kernel | Fixed | RHSA-2015:0115 | 03.02.2015 |
Red Hat Enterprise Linux 6.4 Extended Update Support | kernel | Fixed | RHSA-2015:0043 | 13.01.2015 |
Red Hat Enterprise Linux 6.5 Extended Update Support | kernel | Fixed | RHSA-2015:0062 | 20.01.2015 |
Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2014:1971 | 09.12.2014 |
Показывать по
Дополнительная информация
Статус:
7.1 High
CVSS2
Связанные уязвимости
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in t ...
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
ELSA-2014-3089: Unbreakable Enterprise kernel security update (IMPORTANT)
7.1 High
CVSS2