CVE-2014-8160

Published: Mar 2, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

Affected (34)

Products: Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server, Linux Enterprise Software Development Kit, Linux Enterprise Workstation Extension · +3 more

Show all products

1 product

1 product

5 products

Linux Enterprise Desktop

Linux Enterprise Real Time Extension

Linux Enterprise Server

Linux Enterprise Software Development Kit

Linux Enterprise Workstation Extension

Redhat

6 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.18

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Suse Linux Enterprise Desktop	Version 12
Suse Linux Enterprise Real Time Extension	Version 11 sp3
Suse Linux Enterprise Server	Version 11 sp1
Suse Linux Enterprise Server	Version 12
Suse Linux Enterprise Software Development Kit	Version 12
Suse Linux Enterprise Workstation Extension	Version 12

Configuration C

21 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 6.5
Redhat Enterprise Linux Server Aus	Version 6.6
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 6.5
Redhat Enterprise Linux Server Eus	Version 6.6
Redhat Enterprise Linux Server Eus	Version 7.3
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 6.5
Redhat Enterprise Linux Server Tus	Version 6.6
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (44)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0284.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0290.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0674.html

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2015/dsa-3170

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:057

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/01/14/3

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/72061

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.spinics.net/lists/netfilter-devel/msg33430.html

Source: secalert@redhat.com

PatchThird Party Advisory

http://www.ubuntu.com/usn/USN-2513-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2514-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2515-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2516-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2517-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2518-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1182059

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/db29a9508a9246e77087c5531e45b2c88ec6988b

Source: secalert@redhat.com

PatchThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b