Vulnerability Details : CVE-2014-0101
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2014-0101
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- F5 » Big-ip Local Traffic ManagerVersions from including (>=) 11.1.0 and up to, including, (<=) 11.5.3cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Global Traffic ManagerVersions from including (>=) 11.1.0 and up to, including, (<=) 11.5.3cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Security ManagerVersions from including (>=) 11.1.0 and up to, including, (<=) 11.5.3cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy ManagerVersions from including (>=) 11.1.0 and up to, including, (<=) 11.5.3cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
- F5 » Big-ip Wan Optimization ManagerVersions from including (>=) 11.1.0 and up to, including, (<=) 11.3.0cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
- F5 » Big-ip Protocol Security ModuleVersions from including (>=) 11.1.0 and up to, including, (<=) 11.4.1cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration ManagerVersions from including (>=) 11.4.0 and up to, including, (<=) 11.5.3cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall ManagerVersions from including (>=) 11.3.0 and up to, including, (<=) 11.5.3cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement ManagerVersions from including (>=) 11.3.0 and up to, including, (<=) 11.5.3cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_enterprise_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_enterprise_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0101
65.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0101
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2014-0101
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0101
-
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html
Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0419.html
RHSA-2014:0419 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729
-
http://www.ubuntu.com/usn/USN-2174-1
USN-2174-1: Linux kernel (EC2) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2173-1
USN-2173-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2014/03/04/6
oss-security - CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunkMailing List;Patch;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0328.html
RHSA-2014:0328 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0432.html
RHSA-2014:0432 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/65943
Linux Kernel CVE-2014-0101 NULL Pointer Dereference Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://secunia.com/advisories/59216
Sign inThird Party Advisory
-
https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729
net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable · torvalds/linux@ec0223e · GitHubPatch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1070705
1070705 – (CVE-2014-0101) CVE-2014-0101 kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunkIssue Tracking;Patch;Third Party Advisory
Jump to