فا

‫ Linux Kernel "sctp_assoc_update()" Memory Corruption Vulnerability

ID: IRCAD2015033791
Release Date: 2015-02-26
Criticality level: Highly critical
Software:
Linux Kernel 2.6.x
Linux Kernel 3.10.x
Linux Kernel 3.12.x
Linux Kernel 3.14.x
Linux Kernel 3.18.x
Linux Kernel 3.2.x
Linux Kernel 3.4.x
Description:
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
The vulnerability is caused due to an error within the "sctp_assoc_update()" function (net/sctp/associola.c) and can be exploited to cause memory corruption.
The vulnerability is reported in versions prior to 3.18.8, prior to 3.14.34, prior to 3.12.38, prior to 3.10.70, and prior to 3.2.67 and versions 3.4.106 and 2.6.32.65.
Solution
Update to a fixed version if available.
References:
Linux Kernel:
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 12 اسفند 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0