Уязвимость CVE-2014-5077: Информация

Описание

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

Важность: HIGH (7,1)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-5077

Опубликовано: 1 августа 2014 г.

Изменено: 19 мая 2023 г.

Идентификатор типа ошибки: CWE-476

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
kernel-image-std-def	sisyphus	3.12.27-alt1	6.1.93-alt1	ALT-PU-2014-2043-1	128559	Исправлено
kernel-image-std-def	p10	3.12.27-alt1	5.10.218-alt1	ALT-PU-2014-2043-1	128559	Исправлено
kernel-image-std-def	p9	3.12.27-alt1	5.4.277-alt1	ALT-PU-2014-2043-1	128559	Исправлено
kernel-image-std-def	c9f2	3.12.27-alt1	5.10.214-alt0.c9f.2	ALT-PU-2014-2043-1	128559	Исправлено
kernel-image-std-def	c7	3.14.18-alt1	4.4.277-alt0.M70C.1	ALT-PU-2014-2116-1	129349	Исправлено
kernel-image-std-def	p11	3.12.27-alt1	6.1.91-alt1	ALT-PU-2014-2043-1	128559	Исправлено
kernel-image-un-def	sisyphus	3.15.10-alt1	6.6.33-alt1	ALT-PU-2014-2009-1	127294	Исправлено
kernel-image-un-def	p10	3.15.10-alt1	6.1.90-alt1	ALT-PU-2014-2009-1	127294	Исправлено
kernel-image-un-def	p9	3.15.10-alt1	5.10.218-alt1	ALT-PU-2014-2009-1	127294	Исправлено
kernel-image-un-def	c10f1	3.15.10-alt1	6.1.85-alt0.c10f.1	ALT-PU-2014-2009-1	127294	Исправлено
kernel-image-un-def	c9f2	3.15.10-alt1	5.10.29-alt2	ALT-PU-2014-2009-1	127294	Исправлено
kernel-image-un-def	c7	3.15.10-alt1	4.9.277-alt0.M70C.1	ALT-PU-2014-2017-1	127329	Исправлено
kernel-image-un-def	p11	3.15.10-alt1	6.6.31-alt1	ALT-PU-2014-2009-1	127294	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
[oss-security] 20140725 Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1122982	Issue Tracking Patch Third Party Advisory
https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa	Patch Third Party Advisory
59777	Third Party Advisory
60564	Third Party Advisory
RHSA-2014:1083	Third Party Advisory
USN-2358-1	Third Party Advisory
USN-2334-1	Third Party Advisory
USN-2335-1	Third Party Advisory
USN-2359-1	Third Party Advisory
60744	Third Party Advisory
RHSA-2014:1668	Third Party Advisory
RHSA-2014:1763	Third Party Advisory
SUSE-SU-2014:1316	Mailing List Third Party Advisory
SUSE-SU-2014:1319	Mailing List Third Party Advisory
62563	Third Party Advisory
1030681	Third Party Advisory VDB Entry
68881	Third Party Advisory VDB Entry
60545	Third Party Advisory
60430	Third Party Advisory
linux-kernel-cve20145077-dos(95134)	Third Party Advisory VDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa	Vendor Advisory

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  2.6.24
  End excliding
  3.2.63
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.3
  End excliding
  3.4.103
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.5
  End excliding
  3.10.53
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.11
  End excliding
  3.12.27
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.13
  End excliding
  3.14.17
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.15
  End excliding
  3.15.10
  
  Конфигурация 2
  cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
  cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
  
  Конфигурация 3
  cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
  
  Конфигурация 4
  cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

Версия: v24.5.3

Наверх

Уязвимость CVE-2014-5077: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2

Конфигурация 3

Конфигурация 4