|
|
| |
|
| |
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2013-2206
CVE-2013-2224
|
| Created: | August 21, 2013 |
Updated: | August 21, 2013 |
| Description: |
From the CVE entries:
The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.
(CVE-2013-2206)
A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552.
(CVE-2013-2224) |
| Alerts: |
|
( Log in to post comments)
|
|
|