PT-2014-9017 · Linux+5 · Linux Kernel+5

Publicado

2014-06-03

Atualizado

2016-12-31

CVE-2014-9715

CVSS v2.0

4.9

Média

Vetor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.14.5

Description The issue is related to the netfilter subsystem in the Linux kernel, where an insufficiently large data type is used for certain extension data. This can be exploited by local users to cause a denial of service, resulting in a NULL pointer dereference and OOPS, via outbound network traffic that triggers extension loading. An example of how this can be triggered is by configuring a PPTP tunnel in a NAT environment.

Recommendations For Linux kernel versions prior to 3.14.5, update to version 3.14.5 or later to resolve the issue. As a temporary workaround, consider restricting outbound network traffic to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2014-1703

ALT-PU-2014-2064

CESA-2015_1534

CVE-2014-9715

DSA-3237-1

OPENSUSE-SU-2016_0301-1

RHSA-2015:1534

RHSA-2015:1564

RHSA-2015:1565

RHSA-2015_1534

RHSA-2015_1565

USN-2225-1

USN-2611-1

USN-2612-1

USN-2613-1

USN-2614-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2014-9017 · Linux+5 · Linux Kernel+5

CVE-2014-9715

Identificadores relacionados

Produtos afetados

Referências · 52