Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9715

Опубликовано: 08 апр. 2015
Источник: redhat
CVSS2: 5.7
EPSS Низкий

Описание

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.

An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash.

Отчет

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2015:156505.08.2015
Red Hat Enterprise Linux 7kernelFixedRHSA-2015:153406.08.2015
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2015:156405.08.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-841
https://bugzilla.redhat.com/show_bug.cgi?id=1208684kernel: netfilter connection tracking extensions denial of service

EPSS

Процентиль: 13%
0.00043
Низкий

5.7 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9715

ubuntu
около 10 лет назад

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.

nvd логотип

CVE-2014-9715

nvd
около 10 лет назад

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.

debian логотип

CVE-2014-9715

debian
около 10 лет назад

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem ...

github логотип

GHSA-ff56-mpjv-8r2j

github
около 3 лет назад

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.

oracle-oval логотип

ELSA-2015-3068

oracle-oval
почти 10 лет назад

ELSA-2015-3068: Unbreakable Enterprise kernel security update (MODERATE)

EPSS

Процентиль: 13%
0.00043
Низкий

5.7 Medium

CVSS2