Vulnerability Details : CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

Vulnerability category: Input validation

Published 2015-03-02 11:59:03

Updated 2023-02-13 00:43:58

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-8160

Probability of exploitation activity in the next 30 days: 0.36%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-8160

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2014-8160

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8160

http://www.mandriva.com/security/advisories?name=MDVSA-2015:057

mandriva.com
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1182059

1182059 – (CVE-2014-8160) CVE-2014-8160 kernel: iptables restriction bypass if a protocol handler kernel module not loaded
Issue Tracking;Third Party Advisory
http://www.ubuntu.com/usn/USN-2518-1

USN-2518-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html

[security-announce] SUSE-SU-2015:0652-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0674.html

RHSA-2015:0674 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2515-1

USN-2515-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2514-1

USN-2514-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b
http://www.ubuntu.com/usn/USN-2513-1

USN-2513-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2015/dsa-3170

Debian -- Security Information -- DSA-3170-1 linux
Third Party Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

mandriva.com
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2517-1

USN-2517-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0284.html

RHSA-2015:0284 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

[security-announce] SUSE-SU-2015:0736-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2516-1

USN-2516-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://github.com/torvalds/linux/commit/db29a9508a9246e77087c5531e45b2c88ec6988b

netfilter: conntrack: disable generic tracking for known protocols · torvalds/linux@db29a95 · GitHub
Patch;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

[security-announce] openSUSE-SU-2015:0714-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

[security-announce] SUSE-SU-2015:0529-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0290.html

RHSA-2015:0290 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2015/01/14/3

oss-security - CVE-2014-8160 Linux Kernel: SCTP firewalling fails until SCTP module is loaded
Mailing List;Patch;Third Party Advisory
http://www.spinics.net/lists/netfilter-devel/msg33430.html

Linux Netfilter Devel — [PATCH nf] netfilter: conntrack: disable generic protocol tracking
Patch;Third Party Advisory
http://www.securityfocus.com/bid/72061

Linux Kernel CVE-2014-8160 Remote Security Bypass Vulnerability
Third Party Advisory;VDB Entry

Products affected by CVE-2014-8160

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 3.18
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 12
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP1 Ltss Edition
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 12
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Workstation Extension » Version: 12
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 12
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Real Time Extension » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.10
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions