CVE

CVE-2014-5077
Date: (C)2014-08-12   (M)2024-04-15


The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.1
Exploit Score: 8.6
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1030681
SECUNIA-59777
SECUNIA-60430
SECUNIA-60545
SECUNIA-60564
SECUNIA-60744
SECUNIA-62563
BID-68881
RHSA-2014:1083
RHSA-2014:1668
RHSA-2014:1763
SUSE-SU-2014:1316
SUSE-SU-2014:1319
USN-2334-1
USN-2335-1
USN-2358-1
USN-2359-1
http://www.openwall.com/lists/oss-security/2014/07/26/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa
https://bugzilla.redhat.com/show_bug.cgi?id=1122982
https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa
linux-kernel-cve20145077-dos(95134)

CWE    1
CWE-476
OVAL    41
oval:org.secpod.oval:def:702227
oval:org.secpod.oval:def:52307
oval:org.secpod.oval:def:702226
oval:org.secpod.oval:def:1500764
...

© SecPod Technologies