Test ID: 1.3.6.1.4.1.25623.1.0.105161
Category: F5 Local Security Checks
Title: F5 BIG-IP - Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687
Summary: F5 BIG-IP is prone to a remote denial-of-service vulnerability.
Description:
Summary:
F5 BIG-IP is prone to a remote denial-of-service vulnerability.

Vulnerability Insight:
CVE-2014-3673
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service
(system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

CVE-2014-3687
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel
through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that
trigger an incorrect uncork within the side-effect interpreter.

Vulnerability Impact:
Remote attackers may be able to cause a denial of service (DoS) using malformed or duplicate ASCONF chunks.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-3687
62428
http://secunia.com/advisories/62428
70766
http://www.securityfocus.com/bid/70766
DSA-3060
http://www.debian.org/security/2014/dsa-3060
HPSBGN03282
http://marc.info/?l=bugtraq&m=142722544401658&w=2
HPSBGN03285
http://marc.info/?l=bugtraq&m=142722450701342&w=2
RHSA-2015:0062
http://rhn.redhat.com/errata/RHSA-2015-0062.html
RHSA-2015:0115
http://rhn.redhat.com/errata/RHSA-2015-0115.html
SUSE-SU-2015:0178
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
SUSE-SU-2015:0481
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SUSE-SU-2015:0529
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
SUSE-SU-2015:0652
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
SUSE-SU-2015:0736
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
SUSE-SU-2015:1489
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
USN-2417-1
http://www.ubuntu.com/usn/USN-2417-1
USN-2418-1
http://www.ubuntu.com/usn/USN-2418-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395
http://linux.oracle.com/errata/ELSA-2014-3087.html
http://linux.oracle.com/errata/ELSA-2014-3088.html
http://linux.oracle.com/errata/ELSA-2014-3089.html
https://bugzilla.redhat.com/show_bug.cgi?id=1155731
https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395
openSUSE-SU-2015:0566
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3673
70883
http://www.securityfocus.com/bid/70883
SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74
https://bugzilla.redhat.com/show_bug.cgi?id=1147850
https://github.com/torvalds/linux/commit/9de7922bc709eee2f609cd01d98aaedc4cf5ea74
Copyright: Copyright (C) 2015 Greenbone AG
