CVE-2014-5077

Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions

Severity Score

7.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

La función sctp_assoc_update en net/sctp/associola.c en el kernel de Linux hasta 3.15.8, cuando la autenticación SCTP está habilitada, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y OOPS) mediante el inicio del establecimiento de una asociación entre dos endpoints inmediatamente después de un intercambio de fragmentos INIT y INIT ACK para establecer una asociación anterior entre estos endpoints en la dirección opuesta.

A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.

*Credits: N/A

CVSS Scores

NISTv2 7.1

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-07-24 CVE Reserved
2014-08-01 CVE Published
2024-03-13 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (23)

URL	Tag	Source
http://secunia.com/advisories/59777	Third Party Advisory
http://secunia.com/advisories/60430	Third Party Advisory
http://secunia.com/advisories/60545	Third Party Advisory
http://secunia.com/advisories/60564	Third Party Advisory
http://secunia.com/advisories/60744	Third Party Advisory
http://secunia.com/advisories/62563	Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/07/26/1	Mailing List
http://www.securityfocus.com/bid/68881	Third Party Advisory
http://www.securitytracker.com/id/1030681	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95134	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1122982	2014-11-18
https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa	2023-05-19

URL	Date	SRC
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa	2023-05-19
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html	2023-05-19
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html	2023-05-19
http://rhn.redhat.com/errata/RHSA-2014-1083.html	2023-05-19
http://rhn.redhat.com/errata/RHSA-2014-1668.html	2023-05-19
http://rhn.redhat.com/errata/RHSA-2014-1763.html	2023-05-19
http://www.ubuntu.com/usn/USN-2334-1	2023-05-19
http://www.ubuntu.com/usn/USN-2335-1	2023-05-19
http://www.ubuntu.com/usn/USN-2358-1	2023-05-19
http://www.ubuntu.com/usn/USN-2359-1	2023-05-19
https://access.redhat.com/security/cve/CVE-2014-5077	2014-11-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.24 < 3.2.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 3.2.63"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 3.4.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.103"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 3.10.53 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.53"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.11 < 3.12.27 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.27"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 3.14.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.17"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 3.15.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.15.10"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				11 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Real Time Extension Search vendor "Suse" for product "Linux Enterprise Real Time Extension"				11 Search vendor "Suse" for product "Linux Enterprise Real Time Extension" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3, vmware		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				6.5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "6.5"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				6.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				6.5 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "6.5"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		esm		Affected