CVE-2014-8160

Current Description

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

Basic Data

Published: March 02, 2015
Last Modified: May 21, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1

    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    ------------|------|--------|---------|---------|--------|---------|----------|------------|-----------|-----------|-------|-------------------------|-----------------------|-------------------------|----------------------
    2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | * | * |  |  |  | 3.18

  • OR - Configuration 2

    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    ------------|------|--------|---------|---------|--------|---------|----------|------------|-----------|-----------|-------|-------------------------|-----------------------|-------------------------|----------------------
    2.3 | OS | Opensuse | Opensuse | 13.1 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Suse | Linux Enterprise Desktop | 12 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Suse | Linux Enterprise Real Time Extension | 11 | sp3 | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Suse | Linux Enterprise Server | 11 | sp1 | * | * | ltss | * | * | * |  |  |  |
    2.3 | OS | Suse | Linux Enterprise Server | 12 | - | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Suse | Linux Enterprise Software Development Kit | 12 | - | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Suse | Linux Enterprise Workstation Extension | 12 | * | * | * | * | * | * | * |  |  |  |

  • OR - Configuration 3

    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    ------------|------|--------|---------|---------|--------|---------|----------|------------|-----------|-----------|-------|-------------------------|-----------------------|-------------------------|----------------------
    2.3 | OS | Redhat | Enterprise Linux Desktop | 6.0 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Desktop | 7.0 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server | 6.0 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server | 7.0 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Aus | 6.5 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Aus | 6.6 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.3 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.6 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 6.5 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 6.6 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.3 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.4 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.5 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.6 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.7 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Tus | 6.5 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Tus | 6.6 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Tus | 7.6 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Server Tus | 7.7 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Workstation | 6.0 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Redhat | Enterprise Linux Workstation | 7.0 | * | * | * | * | * | * | * |  |  |  |

  • OR - Configuration 4

    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    ------------|------|--------|---------|---------|--------|---------|----------|------------|-----------|-----------|-------|-------------------------|-----------------------|-------------------------|----------------------
    2.3 | OS | Debian | Debian Linux | 7.0 | * | * | * | * | * | * | * |  |  |  |
    2.3 | OS | Debian | Debian Linux | 8.0 | * | * | * | * | * | * | * |  |  |  |

  • OR - Configuration 5

    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    ------------|------|--------|---------|---------|--------|---------|----------|------------|-----------|-----------|-------|-------------------------|-----------------------|-------------------------|----------------------
    2.3 | OS | Canonical | Ubuntu Linux | 12.04 | * | * | * | lts | * | * | * |  |  |  |
    2.3 | OS | Canonical | Ubuntu Linux | 14.04 | * | * | * | lts | * | * | * |  |  |  |
    2.3 | OS | Canonical | Ubuntu Linux | 14.10 | * | * | * | * | * | * | * |  |  |  |

Vulnerable Software List

Vendor | Product | Versions
-------|---------|---------
Debian | Debian Linux | 7.0, 8.0
Redhat | Enterprise Linux Workstation | 6.0, 7.0
Redhat | Enterprise Linux Desktop | 6.0, 7.0
Redhat | Enterprise Linux Server Aus | 6.5, 6.6, 7.3, 7.6
Redhat | Enterprise Linux Server Tus | 6.5, 6.6, 7.6, 7.7
Redhat | Enterprise Linux Server Eus | 6.5, 6.6, 7.3, 7.4, 7.5, 7.6, 7.7
Redhat | Enterprise Linux Server | 6.0, 7.0
Canonical | Ubuntu Linux | 12.04, 14.04, 14.10
Opensuse | Opensuse | 13.1
Linux | Linux Kernel | *
Suse | Linux Enterprise Software Development Kit | 12
Suse | Linux Enterprise Workstation Extension | 12
Suse | Linux Enterprise Desktop | 12
Suse | Linux Enterprise Real Time Extension | 11
Suse | Linux Enterprise Server | 11, 12

References

Name | URL | Source | Tags
-----|-----|--------|-----
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db29a9508a9246e77087c5531e45b2c88ec6988b | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db29a9508a9246e77087c553 | CONFIRM | Patch, Vendor Advisory
SUSE-SU-2015:0529 | http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html | SUSE | Mailing List, Third Party Advisory
SUSE-SU-2015:0652 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html | SUSE | Mailing List, Third Party Advisory
openSUSE-SU-2015:0714 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html | SUSE | Mailing List, Third Party Advisory
SUSE-SU-2015:0736 | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html | SUSE | Mailing List, Third Party Advisory
RHSA-2015:0284 | http://rhn.redhat.com/errata/RHSA-2015-0284.html | REDHAT | Third Party Advisory
RHSA-2015:0290 | http://rhn.redhat.com/errata/RHSA-2015-0290.html | REDHAT | Third Party Advisory
RHSA-2015:0674 | http://rhn.redhat.com/errata/RHSA-2015-0674.html | REDHAT | Third Party Advisory
DSA-3170 | http://www.debian.org/security/2015/dsa-3170 | DEBIAN | Third Party Advisory
MDVSA-2015:057 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 | MANDRIVA | Third Party Advisory
MDVSA-2015:058 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 | MANDRIVA | Third Party Advisory
[oss-security] 20150114 CVE-2014-8160 Linux Kernel: SCTP firewalling fails until SCTP module is loaded | http://www.openwall.com/lists/oss-security/2015/01/14/3 | MLIST | Mailing List, Patch, Third Party Advisory
72061 | http://www.securityfocus.com/bid/72061 | BID | Third Party Advisory, VDB Entry
[netfilter-devel] 20140925 [PATCH nf] netfilter: conntrack: disable generic protocol tracking | http://www.spinics.net/lists/netfilter-devel/msg33430.html | MLIST | Patch, Third Party Advisory
USN-2513-1 | http://www.ubuntu.com/usn/USN-2513-1 | UBUNTU | Third Party Advisory
USN-2514-1 | http://www.ubuntu.com/usn/USN-2514-1 | UBUNTU | Third Party Advisory
USN-2515-1 | http://www.ubuntu.com/usn/USN-2515-1 | UBUNTU | Third Party Advisory
USN-2516-1 | http://www.ubuntu.com/usn/USN-2516-1 | UBUNTU | Third Party Advisory
USN-2517-1 | http://www.ubuntu.com/usn/USN-2517-1 | UBUNTU | Third Party Advisory
USN-2518-1 | http://www.ubuntu.com/usn/USN-2518-1 | UBUNTU | Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1182059 | https://bugzilla.redhat.com/show_bug.cgi?id=1182059 | CONFIRM | Issue Tracking, Third Party Advisory
https://github.com/torvalds/linux/commit/db29a9508a9246e77087c5531e45b2c88ec6988b | https://github.com/torvalds/linux/commit/db29a9508a9246e77087c5531e45b2c88ec6988b | CONFIRM | Patch, Third Party Advisory