Linux Kernel sctp null pointer indirect reference Denial of Service Vulnerability
Release date:
Updated on:
Affected Systems:
Linux kernel <3.15.8
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68881
CVE (CAN) ID: CVE-2014-5077
Linux Kernel is the Kernel of the Linux operating system.
In versions earlier than Linux kernel 3.15.8, net/sctp/associola. the sctp_assoc_update function in c allows remote attackers to establish an association between two endpoints immediately after the INIT and init ack blocks are exchanged, and then establish a reverse association between the endpoints, cause denial of service (NULL pointer indirect reference and application crash ).
<* Source: Daniel Borkmann
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.kernel.org /? P = linux/kernel/git/torvalds/linux-2.6.git; a = commit; h = 1be9a950c646c9092fb3618197f7b6bfb50e82aa
Https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa
Https://bugzilla.redhat.com/show_bug.cgi? Id = 1122982
How to install Linux 3.11 Kernel on Ubuntu
The Ubuntu 13.10 (Saucy Salamander) Kernel has been upgraded to Linux Kernel 3.10 RC5
Linux Kernel 3.4.62 LTS is now available for download
How to install Linux kernel 13.10 On Ubuntu 3.12
Linux Kernel: click here
Linux Kernel: click here
This article permanently updates the link address: