CVE-2014-4943

high

Description

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

References

https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf

https://exchange.xforce.ibmcloud.com/vulnerabilities/94665

https://bugzilla.redhat.com/show_bug.cgi?id=1119458

http://www.securitytracker.com/id/1030610

http://www.exploit-db.com/exploits/36267

http://www.debian.org/security/2014/dsa-2992

http://secunia.com/advisories/60393

http://secunia.com/advisories/60380

http://secunia.com/advisories/60220

http://secunia.com/advisories/60071

http://secunia.com/advisories/60011

http://secunia.com/advisories/59790

http://rhn.redhat.com/errata/RHSA-2014-1025.html

http://openwall.com/lists/oss-security/2014/07/17/1

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

http://linux.oracle.com/errata/ELSA-2014-3048.html

http://linux.oracle.com/errata/ELSA-2014-3047.html

http://linux.oracle.com/errata/ELSA-2014-0924.html

Details

Source: Mitre, NVD

Published: 2014-07-19

Updated: 2024-01-19

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics