PT-2014-6269 · Linux+5 · Linux Kernel+5

Jason Gunthorpe

Publicado

2014-08-01

Atualizado

2023-05-19

CVE-2014-5077

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.15.9

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and OOPS, when SCTP authentication is enabled. This occurs by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

Recommendations For Linux kernel versions prior to 3.15.9, update to version 3.15.9 or later to resolve the issue.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2014-1981

ALT-PU-2014-1982

ALT-PU-2014-1983

ALT-PU-2014-2009

ALT-PU-2014-2043

CESA-2014_1392

CESA-2014_1724

CVE-2014-5077

DLA-103-1

MGASA-2014-0316

MGASA-2014-0318

MGASA-2014-0336

MGASA-2014-0337

OPENSUSE-SU-2014_1669-1

OPENSUSE-SU-2014_1677-1

RHSA-2014:1083

RHSA-2014:1392

RHSA-2014:1668

RHSA-2014:1724

RHSA-2014:1763

RHSA-2014:1872

RHSA-2014_1392

RHSA-2014_1724

SUSE-RU-2015:0621-1

SUSE-SU-2015:0481-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0652-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2332-1

USN-2333-1

USN-2334-1

USN-2335-1

USN-2358-1

USN-2359-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2014-6269 · Linux+5 · Linux Kernel+5

CVE-2014-5077

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 70