Bug 505668 (CVE-2014-0101)

Summary:	Kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk (CVE-2014-0101)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Kernel	Assignee:	Gentoo Kernel Security <security-kernel>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kernel
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2014-03-25 12:02:37 UTC

CVE-2014-0101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0101):

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not 
validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which 
allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an 
SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2014-08-10 22:04:09 UTC

CVE-2014-0101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0101):
  The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux
  kernel through 3.13.6 does not validate certain auth_enable and auth_capable
  fields before making an sctp_sf_authenticate call, which allows remote
  attackers to cause a denial of service (NULL pointer dereference and system
  crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH
  chunk before a COOKIE_ECHO chunk.

Comment 2 John Helmert III archtester

2022-03-25 19:46:15 UTC

Fix in 3.14: https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729