First Last Prev Next    This bug is not in your last search results.
Bug 889173 - (CVE-2014-5077) VUL-0: CVE-2014-5077: kernel-source: net: SCTP: fix a NULL pointer dereference during INIT collisions
(CVE-2014-5077)
VUL-0: CVE-2014-5077: kernel-source: net: SCTP: fix a NULL pointer dereferenc...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/104049/
maint:released:sle11-sp2:58650 maint:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-07-28 09:07 UTC by Victor Pereira
Modified: 2019-12-10 09:35 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2014-07-28 09:07:30 UTC 
CVE-2014-5077

Linux kernel built with the support for Stream Control Transmission Protocol
(CONFIG_IP_SCTP) is vulnerable to a NULL pointer dereference flaw. It could
occur when simultaneous new connections are initiated between the same pair of
hosts.

A remote user/program could use this flaw to crash the system kernel resulting
in DoS.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1122982
http://patchwork.ozlabs.org/patch/372475/ (upstream fix)
Comment 3 Swamp Workflow Management 2014-07-28 22:00:17 UTC 
bugbot adjusting priority
Comment 4 Benjamin Poirier 2014-07-28 23:15:09 UTC 
I can't say that I understand all the details but it looks sensible. As
mentionned above it fixes a race condition that can occur during the handshake
when two sides open an sctp connection at the same time and the secret
material is shared between connections.

There is yet more discussion in the v1 thread:
http://thread.gmane.org/gmane.linux.network/323550

---

Introduced by
730fc3d [SCTP]: Implete SCTP-AUTH parameter processing (v2.6.24-rc1)
Fixed by
1be9a95 net: sctp: inherit auth_capable on INIT collisions (remotes/net/master)

SLE11-SP1-LTSS : 2.6.32.59
SLE11-SP2-LTSS : 3.0.101
SLE11-SP3 : 3.0.101
SLE12 : 3.12.24
openSUSE-12.3 : 3.7.10
openSUSE-13.1 : 3.11.10

Applied to all
Comment 5 SMASH SMASH 2014-07-29 06:30:28 UTC 
Affected packages:

SLE-10-SP3-TERADATA: kernel-source
SLE-11-SP1-TERADATA: kernel-source
SLE-11-SP3: kernel-source
Comment 7 Swamp Workflow Management 2014-07-29 22:00:13 UTC 
bugbot adjusting priority
Comment 8 Swamp Workflow Management 2014-08-27 10:29:36 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-09-03.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58726
Comment 9 Swamp Workflow Management 2014-09-09 23:14:30 UTC 
SUSE-SU-2014:1105-1: An update that solves 18 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 846404,864464,866911,870173,870576,871676,871797,871854,872634,873374,876590,877257,877775,878115,878509,879921,880484,881051,882804,883724,883795,885422,885725,886474,889173,889324
CVE References: CVE-2013-4299,CVE-2014-0055,CVE-2014-0077,CVE-2014-1739,CVE-2014-2706,CVE-2014-2851,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-5077
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    kernel-default-3.0.101-0.7.23.1, kernel-ec2-3.0.101-0.7.23.1, kernel-pae-3.0.101-0.7.23.1, kernel-source-3.0.101-0.7.23.1, kernel-syms-3.0.101-0.7.23.1, kernel-trace-3.0.101-0.7.23.1, kernel-xen-3.0.101-0.7.23.1, xen-4.1.6_06-0.5.30
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.7.23.1, kernel-pae-3.0.101-0.7.23.1, kernel-xen-3.0.101-0.7.23.1
Comment 10 Swamp Workflow Management 2014-09-15 12:23:50 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-09-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58965
Comment 12 Swamp Workflow Management 2014-09-16 17:09:26 UTC 
SUSE-SU-2014:1138-1: An update that fixes 22 vulnerabilities is now available.

Category: security (important)
Bug References: 794824,806431,831058,854722,856756,871797,877257,879921,880484,881051,882809,883526,883724,883795,884530,885422,885725,887082,889173,892490
CVE References: CVE-2013-1860,CVE-2013-4162,CVE-2013-7266,CVE-2013-7267,CVE-2013-7268,CVE-2013-7269,CVE-2013-7270,CVE-2013-7271,CVE-2014-0203,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-4943,CVE-2014-5077
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    kernel-default-2.6.32.59-0.15.2, kernel-ec2-2.6.32.59-0.15.2, kernel-pae-2.6.32.59-0.15.2, kernel-source-2.6.32.59-0.15.2, kernel-syms-2.6.32.59-0.15.2, kernel-trace-2.6.32.59-0.15.2, kernel-xen-2.6.32.59-0.15.2, xen-4.0.3_21548_16-0.5.26
SLE 11 SERVER Unsupported Extras (src):    kernel-default-2.6.32.59-0.15.2, kernel-pae-2.6.32.59-0.15.2, kernel-xen-2.6.32.59-0.15.2
Comment 13 Swamp Workflow Management 2014-09-28 16:11:27 UTC 
openSUSE-SU-2014:1246-1: An update that solves 18 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 846404,854722,864464,866911,870173,870576,871676,871797,871854,872634,873374,876590,877257,878115,878509,879921,880484,881051,882804,883724,883795,885422,885725,886474,889173,889324
CVE References: CVE-2013-6463,CVE-2014-0055,CVE-2014-0077,CVE-2014-1739,CVE-2014-2706,CVE-2014-2851,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-5077
Sources used:
openSUSE Evergreen 11.4 (src):    kernel-docs-3.0.101-91.2, kernel-source-3.0.101-91.1, kernel-syms-3.0.101-91.1, preload-1.2-6.69.2
Comment 14 Swamp Workflow Management 2014-10-22 19:19:06 UTC 
SUSE-SU-2014:1316-1: An update that solves 11 vulnerabilities and has 64 fixes is now available.

Category: security (important)
Bug References: 774818,806990,816708,826486,832309,849123,855657,859840,860441,860593,863586,866130,866615,866864,866911,869055,869934,870161,871797,876017,876055,876114,876590,879921,880344,880370,881051,881759,882317,882639,882804,882900,883376,883518,883724,884333,884582,884725,884767,885262,885382,885422,885509,886840,887082,887503,887608,887645,887680,888058,888105,888591,888607,888847,888849,888968,889061,889173,889451,889614,889727,890297,890426,890513,890526,891087,891259,891619,892200,892490,892723,893064,893496,893596,894200
CVE References: CVE-2013-1979,CVE-2014-1739,CVE-2014-2706,CVE-2014-4027,CVE-2014-4171,CVE-2014-4508,CVE-2014-4667,CVE-2014-4943,CVE-2014-5077,CVE-2014-5471,CVE-2014-5472
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-bigsmp-3.0.101-0.40.1
SUSE Linux Enterprise Server 11 SP3 (src):    iscsitarget-1.4.20-0.38.83, kernel-bigsmp-3.0.101-0.40.1, ofed-1.5.4.1-0.13.89, oracleasm-2.0.5-7.39.89
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.98, drbd-kmp-8.4.4-0.22.64, gfs2-2-0.16.104, ocfs2-1.6-0.20.98
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-bigsmp-3.0.101-0.40.1
SLE 11 SERVER Unsupported Extras (src):    kernel-bigsmp-3.0.101-0.40.1
Comment 15 Swamp Workflow Management 2014-10-22 23:21:18 UTC 
SUSE-SU-2014:1319-1: An update that solves 13 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 774818,806990,816708,826486,832309,833820,849123,855657,859840,860441,860593,863586,866130,866615,866864,866911,869055,869934,870161,871134,871797,876017,876055,876114,876590,879304,879921,880344,880370,880892,881051,881759,882317,882639,882804,882900,883096,883376,883518,883724,884333,884582,884725,884767,885262,885382,885422,885509,886840,887082,887418,887503,887608,887645,887680,888058,888105,888591,888607,888847,888849,888968,889061,889173,889451,889614,889727,890297,890426,890513,890526,891087,891259,891281,891619,891746,892200,892490,892723,893064,893496,893596,894200,895221,895608,895680,895983,896689
CVE References: CVE-2013-1979,CVE-2014-1739,CVE-2014-2706,CVE-2014-3153,CVE-2014-4027,CVE-2014-4171,CVE-2014-4508,CVE-2014-4667,CVE-2014-4943,CVE-2014-5077,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    kernel-default-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-source-3.0.101-0.40.1, kernel-syms-3.0.101-0.40.1, kernel-trace-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1
SUSE Linux Enterprise Server 11 SP3 (src):    kernel-default-3.0.101-0.40.1, kernel-ec2-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-ppc64-3.0.101-0.40.1, kernel-source-3.0.101-0.40.1, kernel-syms-3.0.101-0.40.1, kernel-trace-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1, xen-4.2.4_04-0.7.3
SUSE Linux Enterprise Real Time Extension 11 SP3 (src):    cluster-network-1.4-2.27.99, drbd-kmp-8.4.4-0.22.65, iscsitarget-1.4.20-0.38.84, kernel-rt-3.0.101.rt130-0.28.1, kernel-rt_trace-3.0.101.rt130-0.28.1, kernel-source-rt-3.0.101.rt130-0.28.1, kernel-syms-rt-3.0.101.rt130-0.28.1, lttng-modules-2.1.1-0.11.75, ocfs2-1.6-0.20.99, ofed-1.5.4.1-0.13.90
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    cluster-network-1.4-2.27.98, gfs2-2-0.16.104, ocfs2-1.6-0.20.98
SUSE Linux Enterprise Desktop 11 SP3 (src):    kernel-default-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-source-3.0.101-0.40.1, kernel-syms-3.0.101-0.40.1, kernel-trace-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1, xen-4.2.4_04-0.7.3
SLE 11 SERVER Unsupported Extras (src):    kernel-default-3.0.101-0.40.1, kernel-pae-3.0.101-0.40.1, kernel-ppc64-3.0.101-0.40.1, kernel-xen-3.0.101-0.40.1
Comment 16 Marcus Meissner 2014-11-18 17:00:44 UTC 
seems released
Comment 17 Swamp Workflow Management 2014-12-19 18:06:56 UTC 
openSUSE-SU-2014:1669-1: An update that solves 22 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 768714,818561,835839,853040,865882,882639,883518,883724,883948,887082,889173,890624,892490,896382,896385,896390,896391,896392,896689,899785,904013,904700,905100,905764,907818,909077,910251
CVE References: CVE-2013-2889,CVE-2013-2891,CVE-2014-3181,CVE-2014-3182,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-4171,CVE-2014-4508,CVE-2014-4608,CVE-2014-4943,CVE-2014-5077,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-8709,CVE-2014-8884,CVE-2014-9090,CVE-2014-9322
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.45.2, kernel-source-3.7.10-1.45.1, kernel-syms-3.7.10-1.45.1
Comment 18 Swamp Workflow Management 2014-12-21 12:08:30 UTC 
openSUSE-SU-2014:1677-1: An update that solves 31 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 818966,835839,853040,856659,864375,865882,873790,875051,881008,882639,882804,883518,883724,883948,883949,884324,887046,887082,889173,890114,891689,892490,893429,896382,896385,896390,896391,896392,896689,897736,899785,900392,902346,902349,902351,904013,904700,905100,905744,907818,908163,909077,910251
CVE References: CVE-2013-2891,CVE-2013-2898,CVE-2014-0181,CVE-2014-0206,CVE-2014-1739,CVE-2014-3181,CVE-2014-3182,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-4171,CVE-2014-4508,CVE-2014-4608,CVE-2014-4611,CVE-2014-4943,CVE-2014-5077,CVE-2014-5206,CVE-2014-5207,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410,CVE-2014-7826,CVE-2014-7841,CVE-2014-7975,CVE-2014-8133,CVE-2014-8709,CVE-2014-9090,CVE-2014-9322
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.16.1, crash-7.0.2-2.16.1, hdjmod-1.28-16.16.1, ipset-6.21.1-2.20.1, iscsitarget-1.4.20.3-13.16.1, kernel-docs-3.11.10-25.2, kernel-source-3.11.10-25.1, kernel-syms-3.11.10-25.1, ndiswrapper-1.58-16.1, pcfclock-0.44-258.16.1, vhba-kmp-20130607-2.17.1, virtualbox-4.2.18-2.21.1, xen-4.3.2_02-30.1, xtables-addons-2.3-2.16.1
First Last Prev Next    This bug is not in your last search results.