CVE-2014-0101

CVSS v2.0 7.8 (High)

EPSS 91.79 % (99^th)

Affected Products 27

Advisories 63

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-03-11 13:01:06
(10 years ago)
Updated Date: 2023-02-13 00:32:28
(19 months ago)

Affected Products

Canonical

Ubuntu Linux

F5

Linux

Linux Kernel

Redhat

Configuration #1

	CPE23	From	Up To
Linux Kernel from 2.6.24 version and prior 3.2.56 version	cpe:2.3:o:linux:linux_kernel	>= 2.6.24	< 3.2.56
Linux Kernel from 3.3 version and prior 3.4.84 version	cpe:2.3:o:linux:linux_kernel	>= 3.3	< 3.4.84
Linux Kernel from 3.5 version and prior 3.10.34 version	cpe:2.3:o:linux:linux_kernel	>= 3.5	< 3.10.34
Linux Kernel from 3.11 version and prior 3.12.15 version	cpe:2.3:o:linux:linux_kernel	>= 3.11	< 3.12.15
Linux Kernel from 3.13 version and prior 3.13.7 version	cpe:2.3:o:linux:linux_kernel	>= 3.13	< 3.13.7

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Eus 6.3	cpe:2.3:o:redhat:enterprise_linux_eus:6.3
	Redhat Enterprise Linux Eus 6.4	cpe:2.3:o:redhat:enterprise_linux_eus:6.4
	Redhat Enterprise Linux Eus 6.5	cpe:2.3:o:redhat:enterprise_linux_eus:6.5
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server Aus 6.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
	Redhat Enterprise Linux Server Aus 6.5	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
	Redhat Enterprise Linux Server Tus 6.5	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04:::*:-

Configuration #4

	CPE23	From	Up To
F5 Big-ip Access Policy Manager from 11.1.0 version and 11.5.3 and prior versions	cpe:2.3:a:f5:big-ip_access_policy_manager	>= 11.1.0	<= 11.5.3
F5 Big-ip Advanced Firewall Manager from 11.3.0 version and 11.5.3 and prior versions	cpe:2.3:a:f5:big-ip_advanced_firewall_manager	>= 11.3.0	<= 11.5.3
F5 Big-ip Analytics from 11.1.0 version and 11.5.3 and prior versions	cpe:2.3:a:f5:big-ip_analytics	>= 11.1.0	<= 11.5.3
F5 Big-ip Application Acceleration Manager from 11.4.0 version and 11.5.3 and prior versions	cpe:2.3:a:f5:big-ip_application_acceleration_manager	>= 11.4.0	<= 11.5.3
F5 Big-ip Application Security Manager from 11.1.0 version and 11.5.3 and prior versions	cpe:2.3:a:f5:big-ip_application_security_manager	>= 11.1.0	<= 11.5.3
F5 Big-ip Edge Gateway from 11.1.0 version and 11.3.0 and prior versions	cpe:2.3:a:f5:big-ip_edge_gateway	>= 11.1.0	<= 11.3.0
F5 Big-ip Enterprise Manager from 2.1.0 version and 2.3.0 and prior versions	cpe:2.3:a:f5:big-ip_enterprise_manager	>= 2.1.0	<= 2.3.0
F5 Big-ip Enterprise Manager from 3.0.0 version and 3.1.1 and prior versions	cpe:2.3:a:f5:big-ip_enterprise_manager	>= 3.0.0	<= 3.1.1
F5 Big-ip Global Traffic Manager from 11.1.0 version and 11.5.3 and prior versions	cpe:2.3:a:f5:big-ip_global_traffic_manager	>= 11.1.0	<= 11.5.3
F5 Big-ip Link Controller from 11.1.0 version and 11.5.3 and prior versions	cpe:2.3:a:f5:big-ip_link_controller	>= 11.1.0	<= 11.5.3
F5 Big-ip Local Traffic Manager from 11.1.0 version and 11.5.3 and prior versions	cpe:2.3:a:f5:big-ip_local_traffic_manager	>= 11.1.0	<= 11.5.3
F5 Big-ip Policy Enforcement Manager from 11.3.0 version and 11.5.3 and prior versions	cpe:2.3:a:f5:big-ip_policy_enforcement_manager	>= 11.3.0	<= 11.5.3
F5 Big-ip Protocol Security Module from 11.1.0 version and 11.4.1 and prior versions	cpe:2.3:a:f5:big-ip_protocol_security_module	>= 11.1.0	<= 11.4.1
F5 Big-ip Wan Optimization Manager from 11.1.0 version and 11.3.0 and prior versions	cpe:2.3:a:f5:big-ip_wan_optimization_manager	>= 11.1.0	<= 11.3.0
F5 Big-ip Webaccelerator from 11.1.0 version and 11.3.0 and prior versions	cpe:2.3:a:f5:big-ip_webaccelerator	>= 11.1.0	<= 11.3.0
F5 Big-iq Adc 4.5.0	cpe:2.3:a:f5:big-iq_adc:4.5.0
F5 Big-iq Centralized Management 4.6.0	cpe:2.3:a:f5:big-iq_centralized_management:4.6.0
F5 Big-iq Cloud from 4.0.0 version and 4.5.0 and prior versions	cpe:2.3:a:f5:big-iq_cloud	>= 4.0.0	<= 4.5.0
F5 Big-iq Device from 4.2.0 version and 4.5.0 and prior versions	cpe:2.3:a:f5:big-iq_device	>= 4.2.0	<= 4.5.0
F5 Big-iq Security from 4.0.0 version and 4.5.0 and prior versions	cpe:2.3:a:f5:big-iq_security	>= 4.0.0	<= 4.5.0