Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-4667

Опубликовано: 12 июн. 2014
Источник: redhat
CVSS2: 5

Описание

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelFixedRHSA-2014:116709.09.2014
Red Hat Enterprise Linux 7kernelFixedRHSA-2014:102306.08.2014
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2014:091322.07.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1113967kernel: sctp: sk_ack_backlog wrap-around problem

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-4667

ubuntu
около 11 лет назад

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

nvd логотип

CVE-2014-4667

nvd
около 11 лет назад

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

debian логотип

CVE-2014-4667

debian
около 11 лет назад

The sctp_association_free function in net/sctp/associola.c in the Linu ...

github логотип

GHSA-6f8q-p6j4-j3h5

github
больше 3 лет назад

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

oracle-oval логотип

ELSA-2014-3069

oracle-oval
около 11 лет назад

ELSA-2014-3069: unbreakable enterprise kernel security update (IMPORTANT)

5 Medium

CVSS2