CVE-2013-4350

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.

From the Ubuntu Security Team

Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain sensitive information by sniffing network traffic.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	14.04 LTS trusty	Not affected
	13.10 saucy	Fixed 3.11.0-13.20
	13.04 raring	Fixed 3.8.0-34.49
	12.10 quantal	Fixed 3.5.0-43.66
	12.04 LTS precise	Fixed 3.2.0-57.87
	10.04 LTS lucid	Ignored end of life
linux-armadaxp	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Fixed 3.5.0-1624.33
	12.04 LTS precise	Fixed 3.2.0-1628.40
	10.04 LTS lucid	Not in release
linux-ec2	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life
linux-flo	14.04 LTS trusty	Ignored end of life, was needed
	13.10 saucy	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
linux-fsl-imx51	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life
linux-goldfish	14.04 LTS trusty	Ignored end of life, was needed
	13.10 saucy	Ignored
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
linux-grouper	14.04 LTS trusty	Not in release
	13.10 saucy	Ignored
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
linux-linaro-omap	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Ignored end of life
	12.04 LTS precise	Ignored end of life
	10.04 LTS lucid	Not in release
linux-linaro-shared	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Ignored end of life
	12.04 LTS precise	Ignored end of life
	10.04 LTS lucid	Not in release
linux-linaro-vexpress	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Ignored end of life
	12.04 LTS precise	Ignored end of life
	10.04 LTS lucid	Not in release
linux-lts-quantal	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Fixed 3.5.0-43.66~precise1
	10.04 LTS lucid	Not in release
linux-lts-raring	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Fixed 3.8.0-34.49~precise1
	10.04 LTS lucid	Not in release
linux-lts-saucy	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not in release
linux-lts-trusty	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not in release
linux-maguro	14.04 LTS trusty	Not in release
	13.10 saucy	Ignored
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
linux-mako	14.04 LTS trusty	Ignored end of life, was needed
	13.10 saucy	Ignored
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
linux-manta	14.04 LTS trusty	Ignored end of life, was needed
	13.10 saucy	Ignored
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
linux-mvl-dove	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life
linux-qcm-msm	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	13.04 raring	Not in release
	12.10 quantal	Ignored end of life
	12.04 LTS precise	Ignored end of life
	10.04 LTS lucid	Ignored end of life
linux-ti-omap4	14.04 LTS trusty	Not in release
	13.10 saucy	Fixed 3.5.0-235.51
	13.04 raring	Fixed 3.5.0-235.51
	12.10 quantal	Fixed 3.5.0-235.51
	12.04 LTS precise	Fixed 3.2.0-1441.60
	10.04 LTS lucid	Not in release

Notes

jdstrand

requires IPv6 on SCTP IPsec traffic Per kernel team, too intrusive to backport

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by 1da177e, fixed by 95ee620

References

Related Ubuntu Security Notices (USN)

USN-2019-1
Linux kernel (Quantal HWE) vulnerabilities
8 November 2013

USN-2038-1
Linux kernel vulnerabilities
3 December 2013

USN-2041-1
Linux kernel (Raring HWE) vulnerabilities
3 December 2013

USN-2021-1
Linux kernel vulnerabilities
8 November 2013

USN-2045-1
Linux kernel vulnerabilities
3 December 2013

USN-2022-1
Linux kernel (OMAP4) vulnerabilities
8 November 2013

USN-2039-1
Linux kernel (OMAP4) vulnerabilities
3 December 2013

USN-2050-1
Linux kernel (OMAP4) vulnerabilities
7 December 2013

USN-2024-1
Linux kernel (OMAP4) vulnerabilities
8 November 2013