CVE-2014-8160

CVSS v2.0 5 (Medium)

EPSS 0.36 % (73^th)

Affected Products 15

Advisories 25

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2015-03-02 11:59:02
(9 years ago)
Updated Date: 2023-02-13 00:43:57
(19 months ago)

Affected Products

Redhat

Suse

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 3.18 version	cpe:2.3:o:linux:linux_kernel		< 3.18

Configuration #2

		CPE23	From	Up To
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1
	Suse Linux Enterprise Desktop 12	cpe:2.3:o:suse:linux_enterprise_desktop:12
	Suse Linux Enterprise Real Time Extension 11 SP3	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3
	Suse Linux Enterprise Server 11 SP1	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss
	Suse Linux Enterprise Server 12	cpe:2.3:o:suse:linux_enterprise_server:12:-
	Suse Linux Enterprise Software Development Kit 12	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-
	Suse Linux Enterprise Workstation Extension 12	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12

Configuration #3

		CPE23	From	Up To
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Server Aus 6.5	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
	Redhat Enterprise Linux Server Aus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
	Redhat Enterprise Linux Server Aus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
	Redhat Enterprise Linux Server Aus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
	Redhat Enterprise Linux Server Eus 6.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5
	Redhat Enterprise Linux Server Eus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6
	Redhat Enterprise Linux Server Eus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
	Redhat Enterprise Linux Server Eus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
	Redhat Enterprise Linux Server Eus 7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
	Redhat Enterprise Linux Server Eus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
	Redhat Enterprise Linux Server Eus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7
	Redhat Enterprise Linux Server Tus 6.5	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5
	Redhat Enterprise Linux Server Tus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6
	Redhat Enterprise Linux Server Tus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
	Redhat Enterprise Linux Server Tus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #4

		CPE23	From	Up To
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #5

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10

Weaknesses

Affected Products

Canonical

Debian

Linux

Opensuse