Cybersecurity threats 2015: Denial of service in the Linux Kernel – January 29

Posted: January 29, 2015 in Vulnerabilities

Three new vulnerabilities have been found in the Linux Kernel: CVE-2014-3673, CVE-2014-3687, and CVE-2014-3688. These vulnerabilities allow a remote user to cause a denial of service (kernel panic).

Denial of service in the Linux Kernel

Danger level: Medium
Fix available: Yes
Number of vulnerabilities: 3
CVSSv2 rating: (AV:A/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C) = Base: 6.1 / Temporal: 4.5
(AV:A/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C) = Base: 6.1 / Temporal: 4.5
(AV:A/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C) = Base: 6.1 / Temporal: 4.5
CVE ID: CVE-2014-3673; CVE-2014-3687; CVE-2014-3688

Vector of exploitation: Remote
Impact: Denial of service

Affected products: Linux Kernel 3.10.x, Linux Kernel 3.12.x, Linux Kernel 3.14.x, Linux Kernel 3.17.x
Affected versions: Linux Kernel versions prior to 3.17.4, Linux Kernel versions prior to 3.14.25, Linux Kernel versions prior to 3.10.61, Linux Kernel versions prior to 3.12.34


Description:

1. [CVE-2014-3673] The vulnerability is caused by an error when processing ASCONF, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. A remote user can cause a denial of service.

2. [CVE-2014-3687] The vulnerability is caused by an error in the function “sctp_assoc_lookup_asconf_ack()” in the file net/sctp/associola.c, which allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks.

3. [CVE-2014-3688] The vulnerability is caused by an error related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. This allows remote attackers to cause a denial of service.

Solution: Install the latest version from the manufacturer.
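
A version check against the fixed releases listed above, as an added example (not part of the original advisory). The function name `sctp_dos_status` and its output labels are made up for illustration; distribution kernels may backport the fixes without changing the upstream version, so treat "affected" as a prompt to check the vendor's advisory.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the fixed
# releases named in this advisory (3.10.61, 3.12.34, 3.14.25, 3.17.4).
# Function name and output labels are illustrative assumptions.

# sctp_dos_status VERSION -> prints fixed | affected | not-listed | unparsed
sctp_dos_status() {
    ver=${1%%-*}            # drop local suffix such as "-generic"
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then echo unparsed; return; fi
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "3.17" means 3.17.0
    patch=${patch%%.*}
    case "$major$minor$patch" in
        ''|*[!0-9]*) echo unparsed; return ;;
    esac
    # First fixed patch level per stable branch, from the advisory text
    case "$major.$minor" in
        3.10) fixed=61 ;;
        3.12) fixed=34 ;;
        3.14) fixed=25 ;;
        3.17) fixed=4 ;;
        *) echo not-listed; return ;;   # branch not covered by this advisory
    esac
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo affected; fi
}

# Report for the running kernel
running=$(uname -r)
echo "kernel $running: $(sctp_dos_status "$running")"

# The flaws are in net/sctp, so also report whether the sctp module is loaded
if grep -q '^sctp ' /proc/modules 2>/dev/null; then
    echo "sctp module is loaded"
else
    echo "sctp module not loaded (or SCTP is built in / unavailable)"
fi
```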


 

Manufacturer’s URL: http://www.kernel.org/
References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.25
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.61
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.34
