Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2015-1421
Last Modified: 13 May 2015 10:03:19
Published: 16 Mar 2015 06:59:06
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2015-1421

Summary

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

Vulnerable Systems

Operating System

  • Linux Kernel 3.18.7


References

CONFIRM - https://github.com/torvalds/linux/commit/600ddd6825543962fb807884169e57b580dba208

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1196581

MLIST - [oss-security] 20150129 Re: CVE request -- Linux kernel - net: sctp: slab corruption from use after free on INIT collisions

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=600ddd6825543962fb807884169e57b580dba208

DEBIAN - DSA-3170

UBUNTU - USN-2542-1

UBUNTU - USN-2541-1

REDHAT - RHSA-2015:0726

REDHAT - RHSA-2015:0751

UBUNTU - USN-2546-1

UBUNTU - USN-2545-1

REDHAT - RHSA-2015:0782

SECTRACK - 1032172

SUSE - SUSE-SU-2015:0832

Related Patches

Novell SUSE 2015:10717 kernel security update for SLE 11 SP3 i586

Novell SUSE 2015:10740 kernel security update for SLE 11 SP3 x86_64


Last Updated: 27 May 2016 11:03:28