** Description changed: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and - auth_capable fields before making a sctp_sf_authenticate call, which + auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. Break-Fix: bbd0d59809f923ea2b540cbd781b32110e249f6e ec0223ec48a90cb605244b45f7c62de856403729
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1293714 Title: CVE-2014-0101 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1293714/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
