Think you have a false positive on this rule?

Sid 1-34802

Message

OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt

Summary

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/smmakechunk.c and net/sctp/sm_statefuns.c.

Impact

CVSS base score 7.8 CVSS impact score 6.9 CVSS exploitability score 10.0 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE

CVE-2014-3673:

CVSS base score 7.8

CVSS impact score 6.9

CVSS exploitability score 10.0

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Detailed information

CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/smmakechunk.c and net/sctp/sm_statefuns.c.

Affected systems

  • linux linux_kernel 3.0
  • linux linux_kernel 3.0.1
  • linux linux_kernel 3.0.2
  • linux linux_kernel 3.0.3
  • linux linux_kernel 3.0.4
  • linux linux_kernel 3.0.5
  • linux linux_kernel 3.0.6
  • linux linux_kernel 3.0.7
  • linux linux_kernel 3.0.8
  • linux linux_kernel 3.0.9
  • linux linux_kernel 3.0.10
  • linux linux_kernel 3.0.11
  • linux linux_kernel 3.0.12
  • linux linux_kernel 3.0.13
  • linux linux_kernel 3.0.14
  • linux linux_kernel 3.0.15
  • linux linux_kernel 3.0.16
  • linux linux_kernel 3.0.17
  • linux linux_kernel 3.0.18
  • linux linux_kernel 3.0.19
  • linux linux_kernel 3.0.20
  • linux linux_kernel 3.0.21
  • linux linux_kernel 3.0.22
  • linux linux_kernel 3.0.23
  • linux linux_kernel 3.0.24
  • linux linux_kernel 3.0.25
  • linux linux_kernel 3.0.26
  • linux linux_kernel 3.0.27
  • linux linux_kernel 3.0.28
  • linux linux_kernel 3.0.29
  • linux linux_kernel 3.0.30
  • linux linux_kernel 3.0.31
  • linux linux_kernel 3.0.32
  • linux linux_kernel 3.0.33
  • linux linux_kernel 3.0.34
  • linux linux_kernel 3.0.35
  • linux linux_kernel 3.0.36
  • linux linux_kernel 3.0.37
  • linux linux_kernel 3.0.38
  • linux linux_kernel 3.0.39
  • linux linux_kernel 3.0.40
  • linux linux_kernel 3.0.41
  • linux linux_kernel 3.0.42
  • linux linux_kernel 3.0.43
  • linux linux_kernel 3.0.44
  • linux linux_kernel 3.0.45
  • linux linux_kernel 3.0.46
  • linux linux_kernel 3.0.47
  • linux linux_kernel 3.0.48
  • linux linux_kernel 3.0.49
  • linux linux_kernel 3.0.50
  • linux linux_kernel 3.0.51
  • linux linux_kernel 3.0.52
  • linux linux_kernel 3.0.53
  • linux linux_kernel 3.0.54
  • linux linux_kernel 3.0.55
  • linux linux_kernel 3.0.56
  • linux linux_kernel 3.0.57
  • linux linux_kernel 3.0.58
  • linux linux_kernel 3.0.59
  • linux linux_kernel 3.0.60
  • linux linux_kernel 3.0.61
  • linux linux_kernel 3.0.62
  • linux linux_kernel 3.0.63
  • linux linux_kernel 3.0.64
  • linux linux_kernel 3.0.65
  • linux linux_kernel 3.0.66
  • linux linux_kernel 3.0.67
  • linux linux_kernel 3.0.68
  • linux linux_kernel 3.1
  • linux linux_kernel 3.1.1
  • linux linux_kernel 3.1.2
  • linux linux_kernel 3.1.3
  • linux linux_kernel 3.1.4
  • linux linux_kernel 3.1.5
  • linux linux_kernel 3.1.6
  • linux linux_kernel 3.1.7
  • linux linux_kernel 3.1.8
  • linux linux_kernel 3.1.9
  • linux linux_kernel 3.1.10
  • linux linux_kernel 3.2
  • linux linux_kernel 3.2.1
  • linux linux_kernel 3.2.2
  • linux linux_kernel 3.2.3
  • linux linux_kernel 3.2.4
  • linux linux_kernel 3.2.5
  • linux linux_kernel 3.2.6
  • linux linux_kernel 3.2.7
  • linux linux_kernel 3.2.8
  • linux linux_kernel 3.2.9
  • linux linux_kernel 3.2.10
  • linux linux_kernel 3.2.11
  • linux linux_kernel 3.2.12
  • linux linux_kernel 3.2.13
  • linux linux_kernel 3.2.14
  • linux linux_kernel 3.2.15
  • linux linux_kernel 3.2.16
  • linux linux_kernel 3.2.17
  • linux linux_kernel 3.2.18
  • linux linux_kernel 3.2.19
  • linux linux_kernel 3.2.20
  • linux linux_kernel 3.2.21
  • linux linux_kernel 3.2.22
  • linux linux_kernel 3.2.23
  • linux linux_kernel 3.2.24
  • linux linux_kernel 3.2.25
  • linux linux_kernel 3.2.26
  • linux linux_kernel 3.2.27
  • linux linux_kernel 3.2.28
  • linux linux_kernel 3.2.29
  • linux linux_kernel 3.2.30
  • linux linux_kernel 3.3
  • linux linux_kernel 3.3.1
  • linux linux_kernel 3.3.2
  • linux linux_kernel 3.3.3
  • linux linux_kernel 3.3.4
  • linux linux_kernel 3.3.5
  • linux linux_kernel 3.3.6
  • linux linux_kernel 3.3.7
  • linux linux_kernel 3.3.8
  • linux linux_kernel 3.4
  • linux linux_kernel 3.4.1
  • linux linux_kernel 3.4.2
  • linux linux_kernel 3.4.3
  • linux linux_kernel 3.4.4
  • linux linux_kernel 3.4.5
  • linux linux_kernel 3.4.6
  • linux linux_kernel 3.4.7
  • linux linux_kernel 3.4.8
  • linux linux_kernel 3.4.9
  • linux linux_kernel 3.4.10
  • linux linux_kernel 3.4.11
  • linux linux_kernel 3.4.12
  • linux linux_kernel 3.4.13
  • linux linux_kernel 3.4.14
  • linux linux_kernel 3.4.15
  • linux linux_kernel 3.4.16
  • linux linux_kernel 3.4.17
  • linux linux_kernel 3.4.18
  • linux linux_kernel 3.4.19
  • linux linux_kernel 3.4.20
  • linux linux_kernel 3.4.21
  • linux linux_kernel 3.4.22
  • linux linux_kernel 3.4.23
  • linux linux_kernel 3.4.24
  • linux linux_kernel 3.4.25
  • linux linux_kernel 3.4.26
  • linux linux_kernel 3.4.27
  • linux linux_kernel 3.4.28
  • linux linux_kernel 3.4.29
  • linux linux_kernel 3.4.30
  • linux linux_kernel 3.4.31
  • linux linux_kernel 3.4.32
  • linux linux_kernel 3.4.33
  • linux linux_kernel 3.4.34
  • linux linux_kernel 3.4.35
  • linux linux_kernel 3.4.36
  • linux linux_kernel 3.4.37
  • linux linux_kernel 3.4.38
  • linux linux_kernel 3.4.39
  • linux linux_kernel 3.4.40
  • linux linux_kernel 3.4.41
  • linux linux_kernel 3.4.42
  • linux linux_kernel 3.4.43
  • linux linux_kernel 3.4.44
  • linux linux_kernel 3.4.45
  • linux linux_kernel 3.4.46
  • linux linux_kernel 3.4.47
  • linux linux_kernel 3.4.48
  • linux linux_kernel 3.4.49
  • linux linux_kernel 3.4.50
  • linux linux_kernel 3.4.51
  • linux linux_kernel 3.4.52
  • linux linux_kernel 3.4.53
  • linux linux_kernel 3.4.54
  • linux linux_kernel 3.4.55
  • linux linux_kernel 3.4.56
  • linux linux_kernel 3.4.57
  • linux linux_kernel 3.4.58
  • linux linux_kernel 3.4.59
  • linux linux_kernel 3.4.60
  • linux linux_kernel 3.4.61
  • linux linux_kernel 3.4.62
  • linux linux_kernel 3.4.63
  • linux linux_kernel 3.4.64
  • linux linux_kernel 3.4.65
  • linux linux_kernel 3.4.66
  • linux linux_kernel 3.4.67
  • linux linux_kernel 3.4.68
  • linux linux_kernel 3.4.69
  • linux linux_kernel 3.4.70
  • linux linux_kernel 3.4.71
  • linux linux_kernel 3.4.72
  • linux linux_kernel 3.4.73
  • linux linux_kernel 3.4.74
  • linux linux_kernel 3.4.75
  • linux linux_kernel 3.4.76
  • linux linux_kernel 3.4.77
  • linux linux_kernel 3.4.78
  • linux linux_kernel 3.4.79
  • linux linux_kernel 3.5.1
  • linux linux_kernel 3.5.2
  • linux linux_kernel 3.5.3
  • linux linux_kernel 3.5.4
  • linux linux_kernel 3.5.5
  • linux linux_kernel 3.5.6
  • linux linux_kernel 3.5.7
  • linux linux_kernel 3.6
  • linux linux_kernel 3.6.1
  • linux linux_kernel 3.6.2
  • linux linux_kernel 3.6.3
  • linux linux_kernel 3.6.4
  • linux linux_kernel 3.6.5
  • linux linux_kernel 3.6.6
  • linux linux_kernel 3.6.7
  • linux linux_kernel 3.6.8
  • linux linux_kernel 3.6.9
  • linux linux_kernel 3.6.10
  • linux linux_kernel 3.6.11
  • linux linux_kernel 3.7
  • linux linux_kernel 3.7.1
  • linux linux_kernel 3.7.2
  • linux linux_kernel 3.7.3
  • linux linux_kernel 3.7.4
  • linux linux_kernel 3.7.5
  • linux linux_kernel 3.7.6
  • linux linux_kernel 3.7.7
  • linux linux_kernel 3.7.8
  • linux linux_kernel 3.7.9
  • linux linux_kernel 3.7.10
  • linux linux_kernel 3.8.0
  • linux linux_kernel 3.8.1
  • linux linux_kernel 3.8.2
  • linux linux_kernel 3.8.3
  • linux linux_kernel 3.8.4
  • linux linux_kernel 3.8.5
  • linux linux_kernel 3.8.6
  • linux linux_kernel 3.8.7
  • linux linux_kernel 3.8.8
  • linux linux_kernel 3.8.9
  • linux linux_kernel 3.8.10
  • linux linux_kernel 3.8.11
  • linux linux_kernel 3.8.12
  • linux linux_kernel 3.8.13
  • linux linux_kernel 3.9
  • linux linux_kernel 3.9.0
  • linux linux_kernel 3.9.1
  • linux linux_kernel 3.9.2
  • linux linux_kernel 3.9.3
  • linux linux_kernel 3.9.4
  • linux linux_kernel 3.9.5
  • linux linux_kernel 3.9.6
  • linux linux_kernel 3.9.7
  • linux linux_kernel 3.9.8
  • linux linux_kernel 3.9.9
  • linux linux_kernel 3.9.10
  • linux linux_kernel 3.9.11
  • linux linux_kernel 3.10
  • linux linux_kernel 3.10.0
  • linux linux_kernel 3.10.1
  • linux linux_kernel 3.10.2
  • linux linux_kernel 3.10.3
  • linux linux_kernel 3.10.4
  • linux linux_kernel 3.10.5
  • linux linux_kernel 3.10.6
  • linux linux_kernel 3.10.7
  • linux linux_kernel 3.10.8
  • linux linux_kernel 3.10.9
  • linux linux_kernel 3.10.10
  • linux linux_kernel 3.10.11
  • linux linux_kernel 3.10.12
  • linux linux_kernel 3.10.13
  • linux linux_kernel 3.10.14
  • linux linux_kernel 3.10.15
  • linux linux_kernel 3.10.16
  • linux linux_kernel 3.10.17
  • linux linux_kernel 3.10.18
  • linux linux_kernel 3.10.19
  • linux linux_kernel 3.10.20
  • linux linux_kernel 3.10.21
  • linux linux_kernel 3.10.22
  • linux linux_kernel 3.10.23
  • linux linux_kernel 3.10.24
  • linux linux_kernel 3.10.25
  • linux linux_kernel 3.10.26
  • linux linux_kernel 3.10.27
  • linux linux_kernel 3.10.28
  • linux linux_kernel 3.10.29
  • linux linux_kernel 3.11
  • linux linux_kernel 3.11.1
  • linux linux_kernel 3.11.2
  • linux linux_kernel 3.11.3
  • linux linux_kernel 3.11.4
  • linux linux_kernel 3.11.5
  • linux linux_kernel 3.11.6
  • linux linux_kernel 3.11.7
  • linux linux_kernel 3.11.8
  • linux linux_kernel 3.11.9
  • linux linux_kernel 3.11.10
  • linux linux_kernel 3.12
  • linux linux_kernel 3.12.1
  • linux linux_kernel 3.12.2
  • linux linux_kernel 3.12.3
  • linux linux_kernel 3.12.4
  • linux linux_kernel 3.12.5
  • linux linux_kernel 3.12.6
  • linux linux_kernel 3.12.7
  • linux linux_kernel 3.12.8
  • linux linux_kernel 3.12.9
  • linux linux_kernel 3.12.10
  • linux linux_kernel 3.12.11
  • linux linux_kernel 3.12.12
  • linux linux_kernel 3.12.13
  • linux linux_kernel 3.12.14
  • linux linux_kernel 3.12.15
  • linux linux_kernel 3.12.16
  • linux linux_kernel 3.12.17
  • linux linux_kernel 3.13
  • linux linux_kernel 3.13.1
  • linux linux_kernel 3.13.2
  • linux linux_kernel 3.13.3
  • linux linux_kernel 3.13.4
  • linux linux_kernel 3.13.5
  • linux linux_kernel 3.13.6
  • linux linux_kernel 3.13.7
  • linux linux_kernel 3.13.8
  • linux linux_kernel 3.13.9
  • linux linux_kernel 3.13.10
  • linux linux_kernel 3.13.11
  • linux linux_kernel 3.14
  • linux linux_kernel 3.14.1
  • linux linux_kernel 3.14.2
  • linux linux_kernel 3.14.3
  • linux linux_kernel 3.14.4
  • linux linux_kernel 3.14.5
  • linux linux_kernel 3.15
  • linux linux_kernel 3.15.1
  • linux linux_kernel 3.15.2
  • linux linux_kernel 3.15.3
  • linux linux_kernel 3.15.4
  • linux linux_kernel 3.15.5
  • linux linux_kernel 3.15.6
  • linux linux_kernel 3.15.7
  • linux linux_kernel 3.15.8
  • linux linux_kernel 3.16.0
  • linux linux_kernel 3.16.1
  • linux linux_kernel 3.17
  • linux linux_kernel 3.17.1
  • linux linux_kernel 3.17.2

Ease of attack

CVE-2014-3673:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References