F5 BIG-IP - Linux Kernel SCTP Vulnerabilities Network Vulnerability

Summary

F5 BIG-IP is prone to a remote denial-of-service vulnerability.

Impact

Remote attackers may be able to cause a denial-of-service (DoS) using malformed or duplicate ASCONF chunk.

Solution

See the referenced vendor advisory for a solution.

Insight

CVE-2014-3673 The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. CVE-2014-3687 The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

Detection

Check the version.

References

https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15910.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3673, CVE-2014-3687

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

F5 BIG-IP - Linux kernel SCTP vulnerabilities

Take action and discover your vulnerabilities