F5 BIG-IP - Linux kernel SCTP vulnerability CVE-2015-1421
Information
Severity
Severity
Critical
Family
Family
F5 Local Security Checks
CVSSv2 Base
CVSSv2 Base
10.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution Type
Solution Type
Vendor Patch
Created
Created
6 years ago
Modified
Modified
1 year ago
Summary
The remote host is missing a security patch.
Insight
Insight
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. (CVE-2015-1421)
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
See the referenced vendor advisory for a solution.
Common Vulnerabilities and Exposures (CVE)
References
Download Mageni to scan and fix this vulnerability. It is free and easy.
Processing. Please wait...
Free for 7-days then $4 USD monthly regardless of how many IPs, scans, users, or deployments you have. No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.