exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

CVE-2014-7841

Status Candidate

Overview

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.

Related Files

Red Hat Security Advisory 2015-0695-01
Posted Mar 18, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-5471, CVE-2014-5472, CVE-2014-7841, CVE-2014-8159
MD5 | d15369b6649a33c94b47812a68fff26a
Red Hat Security Advisory 2015-0285-01
Posted Mar 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0285-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. This issue was discovered by Liu Wei of Red Hat.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2014-7841
MD5 | bd1aeaf2d6c19f59a2b994f2f739aec3
Red Hat Security Advisory 2015-0284-03
Posted Mar 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0284-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2013-4483, CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-7841, CVE-2014-8160
MD5 | 965ec57c89dca6401eab1ad61522189a
Red Hat Security Advisory 2015-0102-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0102-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. A race condition flaw was found in the way the Linux kernel's mmap, madvise, and fallocate system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2014-4171, CVE-2014-5471, CVE-2014-5472, CVE-2014-7145, CVE-2014-7822, CVE-2014-7841
MD5 | 97136860966be61252c05fa237264b28
Red Hat Security Advisory 2015-0087-01
Posted Jan 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0087-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use this flaw to crash the system.

tags | advisory, remote, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-4656, CVE-2014-7841
MD5 | 3f5c534e0f5e3a27f2a736b0bafaca11
Mandriva Linux Security Advisory 2015-027
Posted Jan 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-027 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.

tags | advisory, remote, denial of service, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3688, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, CVE-2014-7841, CVE-2014-7842, CVE-2014-8133, CVE-2014-8884, CVE-2014-9090, CVE-2014-9322, CVE-2014-9419, CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2014-9585
MD5 | e4c9a93dcfe1e53e942185ebdbbe502e
Ubuntu Security Notice USN-2468-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2468-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
MD5 | cb096fee87ac7196fba24344b0e3268d
Ubuntu Security Notice USN-2467-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2467-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
MD5 | 1364663330e1e0c8461c5d686536b2d5
Ubuntu Security Notice USN-2466-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2466-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
MD5 | ad80de552ce7b27b72ac351c81a3f8f8
Ubuntu Security Notice USN-2465-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2465-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-7841, CVE-2014-7842, CVE-2014-7843, CVE-2014-8884
MD5 | 5896bc7df94f0b50ae45f0269444007f
Ubuntu Security Notice USN-2444-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2444-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7825, CVE-2014-7826, CVE-2014-7841, CVE-2014-8134, CVE-2014-8884, CVE-2014-9090
MD5 | df7e369d1de360702c1dbb1c82bc3e83
Ubuntu Security Notice USN-2443-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2443-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7825, CVE-2014-7826, CVE-2014-7841, CVE-2014-8134, CVE-2014-8884, CVE-2014-9090
MD5 | 385a8e69e579e05b67b4bd8e0aa93867
Ubuntu Security Notice USN-2442-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2442-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7841, CVE-2014-8134, CVE-2014-8709, CVE-2014-8884, CVE-2014-9090
MD5 | 01e5b144fdc1b3a34c2dc1b705ab1489
Ubuntu Security Notice USN-2441-1
Posted Dec 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2441-1 - An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7841, CVE-2014-8134, CVE-2014-8709, CVE-2014-8884, CVE-2014-9090
MD5 | d0339023f19d1e966b466e0e35e8b4e9
Debian Security Advisory 3093-1
Posted Dec 9, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3093-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-7841, CVE-2014-8369, CVE-2014-8884, CVE-2014-9090
MD5 | 1646dae0dc0e6a22651c4801f4ac683e
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close