PT-2014-9017 · Linux+5 · Linux Kernel+5

Published

2014-06-03

·

Updated

2016-12-31

·

CVE-2014-9715

CVSS v2.0

4.9

Medium

VectorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.14.5
Description The issue is related to the netfilter subsystem in the Linux kernel, where an insufficiently large data type is used for certain extension data. This can be exploited by local users to cause a denial of service, resulting in a NULL pointer dereference and OOPS, via outbound network traffic that triggers extension loading. An example of how this can be triggered is by configuring a PPTP tunnel in a NAT environment.
Recommendations For Linux kernel versions prior to 3.14.5, update to version 3.14.5 or later to resolve the issue. As a temporary workaround, consider restricting outbound network traffic to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2014-1703
ALT-PU-2014-2064
CESA-2015_1534
CVE-2014-9715
DSA-3237-1
OPENSUSE-SU-2016_0301-1
RHSA-2015:1534
RHSA-2015:1564
RHSA-2015:1565
RHSA-2015_1534
RHSA-2015_1565
USN-2225-1
USN-2611-1
USN-2612-1
USN-2613-1
USN-2614-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu