CVE-2014-0101
kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
Severity Score
7.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
La función sctp_sf_do_5_1D_ce en net/sctp/sm_statefuns.c en el kernel de Linux hasta la versión 3.13.6 no valida ciertos campos auth_enable y auth_capable antes de hacer una llamada sctp_sf_authenticate, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) a través de un SCTP handshake con un fragmento INIT modificado y un fragmento AUTH manipulado anterior a un fragmento COOKIE_ECHO.
A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-12-03 CVE Reserved
- 2014-03-11 CVE Published
- 2024-01-21 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 | X_refsource_confirm | |
| http://secunia.com/advisories/59216 | Third Party Advisory | |
| http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html | Third Party Advisory | |
| http://www.securityfocus.com/bid/65943 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/03/04/6 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1070705 | 2014-05-20 | |
| https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0328.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2014-0419.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2014-0432.html | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-2173-1 | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-2174-1 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2014-0101 | 2014-05-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.24 < 3.2.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 3.2.56" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.4.84 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.84" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.5 < 3.10.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.34" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.15" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.13.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.13.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 6.3 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "6.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 6.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "6.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "6.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "6.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager" | >= 11.1.0 <= 11.5.3 Search vendor "F5" for product "Big-ip Access Policy Manager" and version " >= 11.1.0 <= 11.5.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Advanced Firewall Manager Search vendor "F5" for product "Big-ip Advanced Firewall Manager" | >= 11.3.0 <= 11.5.3 Search vendor "F5" for product "Big-ip Advanced Firewall Manager" and version " >= 11.3.0 <= 11.5.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Analytics Search vendor "F5" for product "Big-ip Analytics" | >= 11.1.0 <= 11.5.3 Search vendor "F5" for product "Big-ip Analytics" and version " >= 11.1.0 <= 11.5.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Application Acceleration Manager Search vendor "F5" for product "Big-ip Application Acceleration Manager" | >= 11.4.0 <= 11.5.3 Search vendor "F5" for product "Big-ip Application Acceleration Manager" and version " >= 11.4.0 <= 11.5.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Application Security Manager Search vendor "F5" for product "Big-ip Application Security Manager" | >= 11.1.0 <= 11.5.3 Search vendor "F5" for product "Big-ip Application Security Manager" and version " >= 11.1.0 <= 11.5.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Edge Gateway Search vendor "F5" for product "Big-ip Edge Gateway" | >= 11.1.0 <= 11.3.0 Search vendor "F5" for product "Big-ip Edge Gateway" and version " >= 11.1.0 <= 11.3.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Enterprise Manager Search vendor "F5" for product "Big-ip Enterprise Manager" | >= 2.1.0 <= 2.3.0 Search vendor "F5" for product "Big-ip Enterprise Manager" and version " >= 2.1.0 <= 2.3.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Enterprise Manager Search vendor "F5" for product "Big-ip Enterprise Manager" | >= 3.0.0 <= 3.1.1 Search vendor "F5" for product "Big-ip Enterprise Manager" and version " >= 3.0.0 <= 3.1.1" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager" | >= 11.1.0 <= 11.5.3 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version " >= 11.1.0 <= 11.5.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Link Controller Search vendor "F5" for product "Big-ip Link Controller" | >= 11.1.0 <= 11.5.3 Search vendor "F5" for product "Big-ip Link Controller" and version " >= 11.1.0 <= 11.5.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Local Traffic Manager Search vendor "F5" for product "Big-ip Local Traffic Manager" | >= 11.1.0 <= 11.5.3 Search vendor "F5" for product "Big-ip Local Traffic Manager" and version " >= 11.1.0 <= 11.5.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Policy Enforcement Manager Search vendor "F5" for product "Big-ip Policy Enforcement Manager" | >= 11.3.0 <= 11.5.3 Search vendor "F5" for product "Big-ip Policy Enforcement Manager" and version " >= 11.3.0 <= 11.5.3" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Protocol Security Module Search vendor "F5" for product "Big-ip Protocol Security Module" | >= 11.1.0 <= 11.4.1 Search vendor "F5" for product "Big-ip Protocol Security Module" and version " >= 11.1.0 <= 11.4.1" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Wan Optimization Manager Search vendor "F5" for product "Big-ip Wan Optimization Manager" | >= 11.1.0 <= 11.3.0 Search vendor "F5" for product "Big-ip Wan Optimization Manager" and version " >= 11.1.0 <= 11.3.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Webaccelerator Search vendor "F5" for product "Big-ip Webaccelerator" | >= 11.1.0 <= 11.3.0 Search vendor "F5" for product "Big-ip Webaccelerator" and version " >= 11.1.0 <= 11.3.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-iq Adc Search vendor "F5" for product "Big-iq Adc" | 4.5.0 Search vendor "F5" for product "Big-iq Adc" and version "4.5.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-iq Centralized Management Search vendor "F5" for product "Big-iq Centralized Management" | 4.6.0 Search vendor "F5" for product "Big-iq Centralized Management" and version "4.6.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-iq Cloud Search vendor "F5" for product "Big-iq Cloud" | >= 4.0.0 <= 4.5.0 Search vendor "F5" for product "Big-iq Cloud" and version " >= 4.0.0 <= 4.5.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-iq Device Search vendor "F5" for product "Big-iq Device" | >= 4.2.0 <= 4.5.0 Search vendor "F5" for product "Big-iq Device" and version " >= 4.2.0 <= 4.5.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-iq Security Search vendor "F5" for product "Big-iq Security" | >= 4.0.0 <= 4.5.0 Search vendor "F5" for product "Big-iq Security" and version " >= 4.0.0 <= 4.5.0" | - |
Affected
| ||||||