DoS vulnerability in Linux Kernel “net/netfilter/nf_conntrack_proto_dccp.c” file

  • DoS vulnerability in Linux Kernel “net/netfilter/nf_conntrack_proto_dccp.c” file

    Denial of Service vulnerability in Linux Kernel “net/netfilter/nf_conntrack_proto_dccp.c” file

    Severity Rating: High

    Systems Affected

    • Linux Kernel prior to 3.13.6

    Overview

    A vulnerability has been reported in the Linux kernel that a remote attacker could exploit to crash the kernel, leading to denial of service (DoS) conditions, or possibly to execute arbitrary code.


    Description

    The vulnerability is caused by an error in the "net/netfilter/nf_conntrack_proto_dccp.c" file in the Linux kernel, which uses a DCCP header pointer incorrectly.

    A remote attacker could exploit this vulnerability by sending a specially crafted DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function, corrupting kernel stack memory and resulting in denial of service (DoS) conditions or possibly arbitrary code execution.

    Solution
    Apply appropriate patches as mentioned in the following link.
    http://git.kernel.org/cgit/linux/ker...254fc10cbc2b92


    Vendor Information
    Kernel.org
    http://www.kernel.org

    References
    Red Hat
    https://access.redhat.com/security/cve/CVE-2014-2523

    XForce
    http://xforce.iss.net/xforce/xfdb/91910

    Secunia
    http://secunia.com/advisories/57446

    Security Focus
    http://www.securityfocus.com/bid/66279
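
A host triage check for the advisory above, added here as an example and not part of the original post: it compares the running kernel release against the 3.13.6 boundary the advisory gives and reports whether the DCCP connection-tracking module is loaded. The module name `nf_conntrack_proto_dccp` (taken from the source file name) and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added triage example, not from the advisory itself.
# FIXED_VERSION is the advisory's boundary: "Linux Kernel prior to 3.13.6".
FIXED_VERSION="3.13.6"
# Assumption: the code in nf_conntrack_proto_dccp.c is built as a loadable
# module of the same name. A built-in copy will not appear in /proc/modules.
DCCP_MODULE="nf_conntrack_proto_dccp"

# triplet RELEASE -> "major minor patch"; distro suffixes are dropped and
# missing fields become 0 ("3.13.0-24-generic" -> "3 13 0", "3.14" -> "3 14 0").
triplet() {
    base=${1%%[!0-9.]*}
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# version_lt A B -> exit 0 when release A is numerically older than B.
version_lt() {
    set -- $(triplet "$1") $(triplet "$2")
    if   [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]
    elif [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]
    else [ "$3" -lt "$6" ]
    fi
}

# dccp_conntrack_loaded [MODULES_FILE] -> exit 0 when the module is listed.
dccp_conntrack_loaded() {
    grep -q "^${DCCP_MODULE} " "${1:-/proc/modules}" 2>/dev/null
}

# assess RELEASE [MODULES_FILE] -> prints one verdict word.
# A release older than FIXED_VERSION can still carry a backported fix, so
# "version-affected-*" means "confirm against the distribution's advisory".
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "version-fixed"
    elif dccp_conntrack_loaded "$2"; then
        echo "version-affected-dccp-conntrack-loaded"
    else
        echo "version-affected-dccp-conntrack-not-loaded"
    fi
}

assess "$(uname -r)"
```
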