ALAS-2014-317 ---- kernel perf
ID: oval:org.secpod.oval:def:1600040 | Date: (C)2016-01-05 (M)2024-02-19 | Class: PATCH | Family: unix
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Platform: Amazon Linux AMI