Vulnerability Description
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.24, < 3.2.56 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Eus | 6.3 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 6.4 |
| Redhat | Enterprise Linux Server Tus | 6.5 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Canonical | Ubuntu Linux | 10.04 |
| F5 | Big-Ip Access Policy Manager | >= 11.1.0, <= 11.5.3 |
| F5 | Big-Ip Advanced Firewall Manager | >= 11.3.0, <= 11.5.3 |
| F5 | Big-Ip Analytics | >= 11.1.0, <= 11.5.3 |
| F5 | Big-Ip Application Acceleration Manager | >= 11.4.0, <= 11.5.3 |
| F5 | Big-Ip Application Security Manager | >= 11.1.0, <= 11.5.3 |
| F5 | Big-Ip Edge Gateway | >= 11.1.0, <= 11.3.0 |
| F5 | Big-Ip Enterprise Manager | >= 2.1.0, <= 2.3.0 |
| F5 | Big-Ip Global Traffic Manager | >= 11.1.0, <= 11.5.3 |
| F5 | Big-Ip Link Controller | >= 11.1.0, <= 11.5.3 |
| F5 | Big-Ip Local Traffic Manager | >= 11.1.0, <= 11.5.3 |
| F5 | Big-Ip Policy Enforcement Manager | >= 11.3.0, <= 11.5.3 |
| F5 | Big-Ip Protocol Security Module | >= 11.1.0, <= 11.4.1 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://rhn.redhat.com/errata/RHSA-2014-0328.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0419.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0432.htmlThird Party Advisory
- http://secunia.com/advisories/59216Third Party Advisory
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/03/04/6Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/65943Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/USN-2173-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2174-1Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1070705Issue TrackingPatchThird Party Advisory
- https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de85640372PatchThird Party Advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://rhn.redhat.com/errata/RHSA-2014-0328.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0419.htmlThird Party Advisory
FAQ
What is CVE-2014-0101?
CVE-2014-0101 is a vulnerability with a CVSS score of 7.8 (HIGH). The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, ...
How severe is CVE-2014-0101?
CVE-2014-0101 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0101?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.