PT-2014-1823 · Linux+5 · Linux Kernel+5

Published: 2014-11-10 · Updated: 2023-02-13 · CVE-2014-3673

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Linux kernel versions 2.6.32
Linux kernel versions prior to 3.17.2

Description

The issue affects the Linux kernel and Red Hat Enterprise Linux, allowing remote attackers to cause a denial of service or disrupt the confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, the SCTP implementation in the Linux kernel is vulnerable to a denial of service attack via a malformed ASCONF chunk.

Recommendations

For Red Hat Enterprise Linux kernel version 2.6.32, update to a version that includes the necessary security patches. For Linux kernel versions prior to 3.17.2, update to version 3.17.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the SCTP implementation until a patch is available.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2380
ALT-PU-2014-2381
BDU:2015-06243
BDU:2015-06250
BDU:2015-06263
BDU:2015-06264
BDU:2015-06265
CESA-2014_1971
CESA-2014_1997
CVE-2014-3673
DSA-3060-1
OPENSUSE-SU-2014_1677-1
OPENSUSE-SU-2014_1678-1
RHSA-2014:1971
RHSA-2014:1997
RHSA-2014_1971
RHSA-2014_1997
RHSA-2015:0043
RHSA-2015:0062
RHSA-2015:0115
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0529-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
SUSE-SU-2015_0529-1
USN-2417-1
USN-2418-1
USN-2441-1
USN-2442-1
USN-2445-1
USN-2446-1
USN-2447-1
USN-2447-2
USN-2448-1

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu