|Bugzilla:||1070705: CVE-2014-0101 kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk|
A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux AUS (v. 6.2 server) (kernel)||RHSA-2014:0520||May 20, 2014|
|Red Hat Enterprise Linux Server EUS (v. 6.3) (kernel)||RHSA-2014:0419||April 22, 2014|
|Red Hat Enterprise Linux Server EUS (v. 6.4) (kernel)||RHSA-2014:0432||April 24, 2014|
|Red Hat Enterprise Linux version 6 (kernel)||RHSA-2014:0328||March 25, 2014|
Red Hat would like to thank Nokia Siemens Networks for reporting this issue.
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.