• Tenable
  • CVEs
  • Settings
    Links
    Tenable.io Tenable Community & Support Tenable University
    Severity
    Theme
  • Tenable
  • Links
  • Tenable.io
  • Tenable Community & Support
  • Tenable University
  • Settings
  • Severity
  • Theme
  • Newest
  • Updated
  • Search
  • Newest
  • Updated
  • Search
  1. CVEs
  2. CVE-2013-4350
  1. CVEs

CVE-2013-4350

medium
  • Information
  • CPEs
  • Plugins

Description

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1007872

http://www.openwall.com/lists/oss-security/2013/09/13/3

https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7

http://www.ubuntu.com/usn/USN-2041-1

http://www.ubuntu.com/usn/USN-2045-1

http://www.ubuntu.com/usn/USN-2049-1

http://rhn.redhat.com/errata/RHSA-2013-1490.html

http://www.ubuntu.com/usn/USN-2050-1

http://www.ubuntu.com/usn/USN-2019-1

http://www.ubuntu.com/usn/USN-2022-1

http://www.ubuntu.com/usn/USN-2024-1

http://www.ubuntu.com/usn/USN-2039-1

http://www.ubuntu.com/usn/USN-2038-1

http://www.ubuntu.com/usn/USN-2021-1

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95ee62083cb6453e056562d91f597552021e6ae7

Details

Source: MITRE

Published: 2013-09-25

Updated: 2023-02-13

Type: CWE-310

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

  • Tenable.com
  • Community & Support
  • Documentation
  • Education
  • © 2023 Tenable®, Inc. All Rights Reserved
  • Privacy Policy
  • Legal
  • 508 Compliance