CVE-2014-4943
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
Severity Score
6.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
La funcionalidad PPPoL2TP en net/l2tp/l2tp_ppp.c en el kernel de Linux hasta 3.15.6 permite a usuarios locales ganar privilegios mediante el aprovechamiento de diferencias de la estructura de datos entre un socket l2tp y un socket inet.
A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-07-11 CVE Reserved
- 2014-07-17 CVE Published
- 2015-03-04 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (25)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf | Broken Link | |
| http://linux.oracle.com/errata/ELSA-2014-0924.html | Third Party Advisory | |
| http://linux.oracle.com/errata/ELSA-2014-3047.html | Third Party Advisory | |
| http://linux.oracle.com/errata/ELSA-2014-3048.html | Third Party Advisory | |
| http://openwall.com/lists/oss-security/2014/07/17/1 | Mailing List | |
| http://osvdb.org/show/osvdb/109277 | Broken Link | |
| http://secunia.com/advisories/59790 | Third Party Advisory | |
| http://secunia.com/advisories/60011 | Third Party Advisory | |
| http://secunia.com/advisories/60071 | Third Party Advisory | |
| http://secunia.com/advisories/60220 | Third Party Advisory | |
| http://secunia.com/advisories/60380 | Third Party Advisory | |
| http://secunia.com/advisories/60393 | Third Party Advisory | |
| http://www.securitytracker.com/id/1030610 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94665 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/36267 | 2015-03-04 | |
| http://www.exploit-db.com/exploits/36267 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf | 2024-01-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.23 < 3.2.62 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 3.2.62" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.4.102 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.102" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.5 < 3.10.52 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.52" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.27 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.27" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.14.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.16" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.15 < 3.15.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.15.9" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop" | 11 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11" | sp3 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | sp2, ltss |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | sp3 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | sp3, vmware |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||