CVE-2014-8160

Current Description

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

Basic Data

Published	March 02, 2015
Last Modified	May 21, 2020
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	CWE-20
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	NONE
CVSS 2 - Availability Impact	NONE
CVSS 2 - Base Score	5.0
Severity	MEDIUM
Exploitability Score	10.0
Impact Score	2.9
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	OS	Linux	Linux Kernel	*	*	*	*	*	*	*	*				3.18

OR - Configuration 2

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Opensuse	Opensuse	13.1	*	*	*	*	*	*	*
2.3	OS	Suse	Linux Enterprise Desktop	12	*	*	*	*	*	*	*
2.3	OS	Suse	Linux Enterprise Real Time Extension	11	sp3	*	*	*	*	*	*
2.3	OS	Suse	Linux Enterprise Server	11	sp1	*	*	ltss	*	*	*
2.3	OS	Suse	Linux Enterprise Server	12	-	*	*	*	*	*	*
2.3	OS	Suse	Linux Enterprise Software Development Kit	12	-	*	*	*	*	*	*
2.3	OS	Suse	Linux Enterprise Workstation Extension	12	*	*	*	*	*	*	*

OR - Configuration 3

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Redhat	Enterprise Linux Desktop	6.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Desktop	7.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server	6.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server	7.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Aus	6.5	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Aus	6.6	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Aus	7.3	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Aus	7.6	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Eus	6.5	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Eus	6.6	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Eus	7.3	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Eus	7.4	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Eus	7.5	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Eus	7.6	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Eus	7.7	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Tus	6.5	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Tus	6.6	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Tus	7.6	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Server Tus	7.7	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Workstation	6.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Workstation	7.0	*	*	*	*	*	*	*

OR - Configuration 4

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	OS	Debian	Debian Linux	7.0	*	*	*	*	*	*	*
2.3	OS	Debian	Debian Linux	8.0	*	*	*	*	*	*	*

OR - Configuration 5

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Canonical	Ubuntu Linux	12.04	*	*	*	lts	*	*	*
2.3	OS	Canonical	Ubuntu Linux	14.04	*	*	*	lts	*	*	*
2.3	OS	Canonical	Ubuntu Linux	14.10	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Debian	Debian Linux	7.0, 8.0
Redhat	Enterprise Linux Workstation	6.0, 7.0
Redhat	Enterprise Linux Desktop	6.0, 7.0
Redhat	Enterprise Linux Server Aus	6.5, 6.6, 7.3, 7.6
Redhat	Enterprise Linux Server Tus	6.5, 6.6, 7.6, 7.7
Redhat	Enterprise Linux Server Eus	6.5, 6.6, 7.3, 7.4, 7.5, 7.6, 7.7
Redhat	Enterprise Linux Server	6.0, 7.0
Canonical	Ubuntu Linux	12.04, 14.04, 14.10
Opensuse	Opensuse	13.1
Linux	Linux Kernel	*
Suse	Linux Enterprise Software Development Kit	12
Suse	Linux Enterprise Workstation Extension	12
Suse	Linux Enterprise Desktop	12
Suse	Linux Enterprise Real Time Extension	11
Suse	Linux Enterprise Server	11, 12

References

Name	Source	URL	Tags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db29a9508a9246e77087c5531e45b2c88ec6988b	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db29a9508a9246e77087c553	CONFIRM	PATCH Vendor Advisory
SUSE-SU-2015:0529	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html	SUSE	Mailing List Third Party Advisory
SUSE-SU-2015:0652	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html	SUSE	Mailing List Third Party Advisory
openSUSE-SU-2015:0714	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html	SUSE	Mailing List Third Party Advisory
SUSE-SU-2015:0736	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html	SUSE	Mailing List Third Party Advisory
RHSA-2015:0284	http://rhn.redhat.com/errata/RHSA-2015-0284.html	REDHAT	Third Party Advisory
RHSA-2015:0290	http://rhn.redhat.com/errata/RHSA-2015-0290.html	REDHAT	Third Party Advisory
RHSA-2015:0674	http://rhn.redhat.com/errata/RHSA-2015-0674.html	REDHAT	Third Party Advisory
DSA-3170	http://www.debian.org/security/2015/dsa-3170	DEBIAN	Third Party Advisory
MDVSA-2015:057	http://www.mandriva.com/security/advisories?name=MDVSA-2015:057	MANDRIVA	Third Party Advisory
MDVSA-2015:058	http://www.mandriva.com/security/advisories?name=MDVSA-2015:058	MANDRIVA	Third Party Advisory
[oss-security] 20150114 CVE-2014-8160 Linux Kernel: SCTP firewalling fails until SCTP module is loaded	http://www.openwall.com/lists/oss-security/2015/01/14/3	MLIST	Mailing List PATCH Third Party Advisory
72061	http://www.securityfocus.com/bid/72061	BID	Third Party Advisory VDB Entry
[netfilter-devel] 20140925 [PATCH nf] netfilter: conntrack: disable generic protocol tracking	http://www.spinics.net/lists/netfilter-devel/msg33430.html	MLIST	PATCH Third Party Advisory
USN-2513-1	http://www.ubuntu.com/usn/USN-2513-1	UBUNTU	Third Party Advisory
USN-2514-1	http://www.ubuntu.com/usn/USN-2514-1	UBUNTU	Third Party Advisory
USN-2515-1	http://www.ubuntu.com/usn/USN-2515-1	UBUNTU	Third Party Advisory
USN-2516-1	http://www.ubuntu.com/usn/USN-2516-1	UBUNTU	Third Party Advisory
USN-2517-1	http://www.ubuntu.com/usn/USN-2517-1	UBUNTU	Third Party Advisory
USN-2518-1	http://www.ubuntu.com/usn/USN-2518-1	UBUNTU	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1182059	https://bugzilla.redhat.com/show_bug.cgi?id=1182059	CONFIRM	Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/db29a9508a9246e77087c5531e45b2c88ec6988b	https://github.com/torvalds/linux/commit/db29a9508a9246e77087c5531e45b2c88ec6988b	CONFIRM	PATCH Third Party Advisory