CVE-2014-0101

Published: Mar 11, 2014Modified: May 6, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.

Affected (35)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus, Enterprise Linux Workstation · Canonical: Ubuntu Linux · +1 more

Show all products

Linux

1 product

Linux Kernel

Redhat

6 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Canonical

1 product

Ubuntu Linux

19 products

Big Ip Access Policy Manager

Big Ip Advanced Firewall Manager

Big Ip Analytics

Big Ip Application Acceleration Manager

Big Ip Application Security Manager

Big Ip Edge Gateway

Big Ip Enterprise Manager

Big Ip Global Traffic Manager

Big Ip Link Controller

Big Ip Local Traffic Manager

Big Ip Policy Enforcement Manager

Big Ip Protocol Security Module

Big Ip Wan Optimization Manager

Big Ip Webaccelerator

Big Iq Adc

Big Iq Centralized Management

Big Iq Cloud

Big Iq Device

Big Iq Security

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.24 to 3.2.56
Linux Linux Kernel	From 3.11 to 3.12.15
Linux Linux Kernel	From 3.13 to 3.13.7
Linux Linux Kernel	From 3.3 to 3.4.84
Linux Linux Kernel	From 3.5 to 3.10.34

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.3
Redhat Enterprise Linux Eus	Version 6.4
Redhat Enterprise Linux Eus	Version 6.5
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.4
Redhat Enterprise Linux Server Aus	Version 6.5
Redhat Enterprise Linux Server Tus	Version 6.5
Redhat Enterprise Linux Workstation	Version 6.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04

Configuration D

20 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 11.1.0 to 11.5.3
F5 Big Ip Advanced Firewall Manager	From 11.3.0 to 11.5.3
F5 Big Ip Analytics	From 11.1.0 to 11.5.3
F5 Big Ip Application Acceleration Manager	From 11.4.0 to 11.5.3
F5 Big Ip Application Security Manager	From 11.1.0 to 11.5.3
F5 Big Ip Edge Gateway	From 11.1.0 to 11.3.0
F5 Big Ip Enterprise Manager	From 2.1.0 to 2.3.0
F5 Big Ip Enterprise Manager	From 3.0.0 to 3.1.1
F5 Big Ip Global Traffic Manager	From 11.1.0 to 11.5.3
F5 Big Ip Link Controller	From 11.1.0 to 11.5.3
F5 Big Ip Local Traffic Manager	From 11.1.0 to 11.5.3
F5 Big Ip Policy Enforcement Manager	From 11.3.0 to 11.5.3
F5 Big Ip Protocol Security Module	From 11.1.0 to 11.4.1
F5 Big Ip Wan Optimization Manager	From 11.1.0 to 11.3.0
F5 Big Ip Webaccelerator	From 11.1.0 to 11.3.0
F5 Big Iq Adc	Version 4.5.0
F5 Big Iq Centralized Management	Version 4.6.0
F5 Big Iq Cloud	From 4.0.0 to 4.5.0
F5 Big Iq Device	From 4.2.0 to 4.5.0
F5 Big Iq Security	From 4.0.0 to 4.5.0