Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-8160

Опубликовано: 25 сент. 2014
Источник: redhat
CVSS2: 5.8
EPSS Низкий

Описание

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelUnder investigation
Red Hat Enterprise Linux 7kernel-rtAffected
Red Hat Enterprise MRG 2kernelAffected
Red Hat Enterprise Linux 6kernelFixedRHSA-2015:067411.03.2015
Red Hat Enterprise Linux 6.5 Extended Update SupportkernelFixedRHSA-2015:028403.03.2015
Red Hat Enterprise Linux 7kernelFixedRHSA-2015:029005.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1182059kernel: iptables restriction bypass if a protocol handler kernel module not loaded

EPSS

Процентиль: 84%
0.02449
Низкий

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-8160

ubuntu
больше 10 лет назад

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

nvd логотип

CVE-2014-8160

nvd
больше 10 лет назад

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

debian логотип

CVE-2014-8160

debian
больше 10 лет назад

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before ...

github логотип

GHSA-jr7v-xpxw-4c4v

github
около 3 лет назад

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

oracle-oval логотип

ELSA-2015-0674

oracle-oval
больше 10 лет назад

ELSA-2015-0674: kernel security and bug fix update (IMPORTANT)

EPSS

Процентиль: 84%
0.02449
Низкий

5.8 Medium

CVSS2