CVE-2014-9715

kernel: netfilter connection tracking extensions denial of service

Severity Score

4.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.

include/net/netfilter/nf_conntrack_extend.h en el subsistema netfilter en el kernel de Linux anterior a 3.14.5 utiliza un tipo de datos insuficientemente grande para ciertos datos de extensión, lo que permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y OOPS) a través de trafico de red saliente que provoca la carga de extensiones, tal y como fue demostrado mediante la configuración de un túnel PPTP en un entorno NAT.

An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-04-08 CVE Reserved
2015-04-27 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-841: Improper Enforcement of Behavioral Workflow

CAPEC

References (13)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279	X_refsource_confirm
http://marc.info/?l=netfilter-devel&m=140112364215200&w=2	Mailing List
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/04/08/1	Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	X_refsource_confirm
http://www.securityfocus.com/bid/73953	Vdb Entry
http://www.securitytracker.com/id/1032415	Vdb Entry
https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2015-1534.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1564.html	2023-11-07
http://www.debian.org/security/2015/dsa-3237	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1208684	2015-08-05
https://access.redhat.com/security/cve/CVE-2014-9715	2015-08-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 3.14.4 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.14.4"		-		Affected