{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-25T00:00:00", "descriptions": [{"lang": "en", "value": "The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "60545", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60545"}, {"name": "62563", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62563"}, {"name": "SUSE-SU-2014:1316", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa"}, {"name": "USN-2335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"name": "USN-2334-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"name": "60430", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60430"}, {"name": "SUSE-SU-2014:1319", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"name": "60564", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60564"}, {"name": "RHSA-2014:1083", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"}, {"name": "[oss-security] 20140725 Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/07/26/1"}, {"name": "USN-2359-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2359-1"}, {"name": "RHSA-2014:1763", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1763.html"}, {"name": "59777", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59777"}, {"name": "RHSA-2014:1668", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1668.html"}, {"name": "linux-kernel-cve20145077-dos(95134)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95134"}, {"name": "1030681", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030681"}, {"name": "USN-2358-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2358-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa"}, {"name": "60744", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60744"}, {"name": "68881", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68881"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:34:37.246Z"}, "title": "CVE Program Container", "references": [{"name": "60545", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60545"}, {"name": "62563", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62563"}, {"name": "SUSE-SU-2014:1316", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa"}, {"name": "USN-2335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"name": "USN-2334-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"name": "60430", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60430"}, {"name": "SUSE-SU-2014:1319", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"name": "60564", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60564"}, {"name": "RHSA-2014:1083", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"}, {"name": "[oss-security] 20140725 Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/07/26/1"}, {"name": "USN-2359-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2359-1"}, {"name": "RHSA-2014:1763", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1763.html"}, {"name": "59777", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59777"}, {"name": "RHSA-2014:1668", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1668.html"}, {"name": "linux-kernel-cve20145077-dos(95134)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95134"}, {"name": "1030681", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030681"}, {"name": "USN-2358-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2358-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa"}, {"name": "60744", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60744"}, {"name": "68881", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68881"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-5077", "datePublished": "2014-08-01T10:00:00", "dateReserved": "2014-07-24T00:00:00", "dateUpdated": "2024-08-06T11:34:37.246Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B676747-1F46-4FE6-9A98-F0E01F35F9D9", "versionEndExcluding": "3.2.63", "versionStartIncluding": "2.6.24", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBB265C8-DADA-44DC-A0DC-161CCDAB6EDA", "versionEndExcluding": "3.4.103", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20AF0C16-3319-4384-BDFC-95F8D4764969", "versionEndExcluding": "3.10.53", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "958A3619-3689-4544-8F01-6354F9883892", "versionEndExcluding": "3.12.27", "versionStartIncluding": "3.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABF3BDEA-4798-4715-94EE-48BCB7DC1287", "versionEndExcluding": "3.14.17", "versionStartIncluding": "3.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDF22CFE-2BCA-4178-9131-568ECF426054", "versionEndExcluding": "3.15.10", "versionStartIncluding": "3.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction."}, {"lang": "es", "value": "La funci\u00f3n sctp_assoc_update en net/sctp/associola.c en el kernel de Linux hasta 3.15.8, cuando la autenticaci\u00f3n SCTP est\u00e1 habilitada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y OOPS) mediante el inicio del establecimiento de una asociaci\u00f3n entre dos endpoints inmediatamente despu\u00e9s de un intercambio de fragmentos INIT y INIT ACK para establecer una asociaci\u00f3n anterior entre estos endpoints en la direcci\u00f3n opuesta."}], "id": "CVE-2014-5077", "lastModified": "2023-05-19T16:50:38.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-01T11:13:09.507", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1668.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1763.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59777"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60430"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60545"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60564"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60744"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/62563"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/07/26/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68881"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030681"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2358-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2359-1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95134"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1392", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-504.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1763", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "kernel-0:2.6.32-220.56.1.el6", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1872", "cpe": "cpe:/o:redhat:rhel_eus:6.4", "package": "kernel-0:2.6.32-358.51.1.el6", "product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support", "release_date": "2014-11-18T00:00:00Z"}, {"advisory": "RHSA-2014:1668", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "kernel-0:2.6.32-431.37.1.el6", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2014-10-23T00:00:00Z"}, {"advisory": "RHSA-2014:1724", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-123.9.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-10-28T00:00:00Z"}, {"advisory": "RHSA-2014:1083", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.10.33-rt32.45.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-08-20T00:00:00Z"}], "bugzilla": {"description": "Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions", "id": "1122982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982"}, "csaw": false, "cvss": {"cvss_base_score": "7.1", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "status": "verified"}, "cwe": "CWE-476", "details": ["The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.", "A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system."], "name": "CVE-2014-5077", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-07-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-5077\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5077"], "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it doesn't provide support for AUTH chunks.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue. This issue has been fixed in Red Hat Enterprise MRG via RHSA-2014:1083.", "threat_severity": "Important"}