PT-2014-8434 · Linux+5 · Linux Kernel+5

Published: 2014-12-15 · Updated: 2023-02-13 · CVE-2014-8160

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.18

Description: The issue generates incorrect conntrack entries during the handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols. This allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

Recommendations: For Linux kernel versions prior to 3.18, update to version 3.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable protocols (SCTP, DCCP, GRE, and UDP-Lite) until a patch is available.


Weakness Enumeration

Related Identifiers

ALT-PU-2014-2452
ALT-PU-2015-1794
CESA-2015_0290
CESA-2015_0674
CVE-2014-8160
DLA-155-1
DSA-3170-1
MGASA-2015-0210
MGASA-2015-0219
MGASA-2015-0221
OPENSUSE-SU-2015_0713-1
OPENSUSE-SU-2015_0714-1
RHSA-2015:0284
RHSA-2015:0290
RHSA-2015:0674
RHSA-2015_0290
RHSA-2015_0674
SUSE-RU-2015:0621-1
SUSE-SU-2015:0529-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2513-1
USN-2514-1
USN-2515-1
USN-2516-1
USN-2516-2
USN-2516-3
USN-2517-1
USN-2518-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu