[security-announce] kernel-NET-SCTP: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Jan 23 07:35:56 CET 2015


			Enea Linux Security Advisory
Fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable

======================================================================
Product/package: Kernel-NET-SCTP: (FSL kernel: 3.8.11)
Severity: Moderate
Issue date: 2015-01-23
CVE Names: CVE-2014-0101
Layer: meta-enea
======================================================================
A security patch that fixes CVE-2014-0101 is now available in the
"http://linux.enea.com/4.0/patches" folder:

README file: 0021-kernel-NET-SCTP-CVE-2014-0101.README
Patch file: 0021-kernel-NET-SCTP-CVE-2014-0101.patch

Description
===========
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c
in the Linux kernel through 3.13.6 does not validate certain
auth_enable and auth_capable fields before making an
sctp_sf_authenticate call, which allows remote attackers to
cause a denial of service (NULL pointer dereference and system
crash) via an SCTP handshake with a modified INIT chunk and a
crafted AUTH chunk before a COOKIE_ECHO chunk.

Reference
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0101

How to apply the patches
=========================
If you don't have installed the Enea Linux 4.0 Release:

# wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
# tar zxvf Enea-Linux-4.0.tar.gz

If you have already installed the Enea Linux 4.0 Release:

# cd Enea-Linux-4.0/poky/meta-enea
# wget
http://linux.enea.com/4.0/patches/0021-kernel-NET-SCTP-CVE-2014-0101.patch
# patch -p1 < ./0021-kernel-NET-SCTP-CVE-2014-0101.patch


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

ESRT (Enea Security Response Team)
Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email by
mistake please let us know by reply and then delete it from your system;
you should not copy it or disclose its contents to anyone.




More information about the security-announce mailing list