CVE-2013-4350

Publication date 25 September 2013

Last updated 24 July 2024


Ubuntu priority

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.

From the Ubuntu Security Team

Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic.

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 14.04 LTS trusty
Not affected
13.10 saucy
Fixed 3.11.0-13.20
13.04 raring
Fixed 3.8.0-34.49
12.10 quantal
Fixed 3.5.0-43.66
12.04 LTS precise
Fixed 3.2.0-57.87
10.04 LTS lucid Ignored end of life
linux-armadaxp 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal
Fixed 3.5.0-1624.33
12.04 LTS precise
Fixed 3.2.0-1628.40
10.04 LTS lucid Not in release
linux-ec2 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Ignored end of life
linux-flo 14.04 LTS trusty Ignored end of life, was needed
13.10 saucy Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-fsl-imx51 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Ignored end of life
linux-goldfish 14.04 LTS trusty Ignored end of life, was needed
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-grouper 14.04 LTS trusty Not in release
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-linaro-omap 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
linux-linaro-shared 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
linux-linaro-vexpress 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Not in release
linux-lts-quantal 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Fixed 3.5.0-43.66~precise1
10.04 LTS lucid Not in release
linux-lts-raring 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Fixed 3.8.0-34.49~precise1
10.04 LTS lucid Not in release
linux-lts-saucy 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release
linux-lts-trusty 14.04 LTS trusty Not in release
13.10 saucy Not in release
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release
linux-maguro 14.04 LTS trusty Not in release
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-mako 14.04 LTS trusty Ignored end of life, was needed
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-manta 14.04 LTS trusty Ignored end of life, was needed
13.10 saucy Ignored
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
linux-mvl-dove 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Ignored end of life
linux-qcm-msm 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Ignored end of life
linux-ti-omap4 14.04 LTS trusty Not in release
13.10 saucy
Fixed 3.5.0-235.51
13.04 raring
Fixed 3.5.0-235.51
12.10 quantal
Fixed 3.5.0-235.51
12.04 LTS precise
Fixed 3.2.0-1441.60
10.04 LTS lucid Not in release

Notes


jdstrand

requires IPv6 on SCTP IPsec traffic Per kernel team, too intrusive to backport

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
linux

References

Related Ubuntu Security Notices (USN)

    • USN-2019-1
    • Linux kernel (Quantal HWE) vulnerabilities
    • 8 November 2013
    • USN-2038-1
    • Linux kernel vulnerabilities
    • 3 December 2013
    • USN-2041-1
    • Linux kernel (Raring HWE) vulnerabilities
    • 3 December 2013
    • USN-2021-1
    • Linux kernel vulnerabilities
    • 8 November 2013
    • USN-2045-1
    • Linux kernel vulnerabilities
    • 3 December 2013
    • USN-2022-1
    • Linux kernel (OMAP4) vulnerabilities
    • 8 November 2013
    • USN-2039-1
    • Linux kernel (OMAP4) vulnerabilities
    • 3 December 2013
    • USN-2050-1
    • Linux kernel (OMAP4) vulnerabilities
    • 7 December 2013
    • USN-2024-1
    • Linux kernel (OMAP4) vulnerabilities
    • 8 November 2013
    • USN-2049-1
    • Linux kernel vulnerabilities
    • 7 December 2013

Other references