{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36267", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/36267"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-3047.html"}, {"name": "SUSE-SU-2014:1316", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"name": "1030610", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030610"}, {"name": "60220", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60220"}, {"name": "59790", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59790"}, {"name": "RHSA-2014:1025", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1025.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf"}, {"name": "SUSE-SU-2014:1319", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"name": "SUSE-SU-2015:0481", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"name": "openSUSE-SU-2015:0566", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119458"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-0924.html"}, {"name": "60393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60393"}, {"name": "60380", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60380"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-3048.html"}, {"name": "linux-kernel-cve20144943-priv-esc(94665)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94665"}, {"name": "[oss-security] 20140716 CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/07/17/1"}, {"name": "60011", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60011"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf"}, {"name": "DSA-2992", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2992"}, {"name": "109277", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/show/osvdb/109277"}, {"name": "60071", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60071"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4943", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36267", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/36267"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-3047.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-3047.html"}, {"name": "SUSE-SU-2014:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"name": "1030610", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030610"}, {"name": "60220", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60220"}, {"name": "59790", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59790"}, {"name": "RHSA-2014:1025", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1025.html"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf"}, {"name": "SUSE-SU-2014:1319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"name": "SUSE-SU-2015:0481", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"name": "openSUSE-SU-2015:0566", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1119458", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119458"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-0924.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0924.html"}, {"name": "60393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60393"}, {"name": "60380", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60380"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-3048.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-3048.html"}, {"name": "linux-kernel-cve20144943-priv-esc(94665)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94665"}, {"name": "[oss-security] 20140716 CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/07/17/1"}, {"name": "60011", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60011"}, {"name": "https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf"}, {"name": "DSA-2992", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2992"}, {"name": "109277", "refsource": "OSVDB", "url": "http://osvdb.org/show/osvdb/109277"}, {"name": "60071", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60071"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:34:36.396Z"}, "title": "CVE Program Container", "references": [{"name": "36267", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/36267"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-3047.html"}, {"name": "SUSE-SU-2014:1316", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"name": "1030610", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030610"}, {"name": "60220", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60220"}, {"name": "59790", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59790"}, {"name": "RHSA-2014:1025", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1025.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf"}, {"name": "SUSE-SU-2014:1319", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"name": "SUSE-SU-2015:0481", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"name": "openSUSE-SU-2015:0566", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119458"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-0924.html"}, {"name": "60393", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60393"}, {"name": "60380", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60380"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-3048.html"}, {"name": "linux-kernel-cve20144943-priv-esc(94665)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94665"}, {"name": "[oss-security] 20140716 CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/07/17/1"}, {"name": "60011", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60011"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf"}, {"name": "DSA-2992", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2992"}, {"name": "109277", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/show/osvdb/109277"}, {"name": "60071", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60071"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4943", "datePublished": "2014-07-19T19:00:00", "dateReserved": "2014-07-11T00:00:00", "dateUpdated": "2024-08-06T11:34:36.396Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EE231C1-9704-48DF-A69C-D7D54025D1FE", "versionEndExcluding": "3.2.62", "versionStartIncluding": "2.6.23", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15D06E25-126B-41A6-B67F-CBB01FE38B65", "versionEndExcluding": "3.4.102", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E587850-EE7E-4854-9233-D0661A9B6FDC", "versionEndExcluding": "3.10.52", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "958A3619-3689-4544-8F01-6354F9883892", "versionEndExcluding": "3.12.27", "versionStartIncluding": "3.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "342BFE02-0C37-49C8-AC2D-EE3CB8F83D4B", "versionEndExcluding": "3.14.16", "versionStartIncluding": "3.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "32F9A8B9-E6E9-4C19-8AEE-3F5A6980E1C5", "versionEndExcluding": "3.15.9", "versionStartIncluding": "3.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket."}, {"lang": "es", "value": "La funcionalidad PPPoL2TP en net/l2tp/l2tp_ppp.c en el kernel de Linux hasta 3.15.6 permite a usuarios locales ganar privilegios mediante el aprovechamiento de diferencias de la estructura de datos entre un socket l2tp y un socket inet."}], "id": "CVE-2014-4943", "lastModified": "2024-01-19T17:50:47.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-19T19:55:08.230", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-0924.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-3047.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-3048.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2014/07/17/1"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/show/osvdb/109277"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1025.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59790"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60011"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60071"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60220"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60380"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60393"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2992"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/36267"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030610"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119458"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94665"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Sasha Levin for reporting this issue.", "affected_release": [{"advisory": "RHSA-2014:0924", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-431.20.5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-07-23T00:00:00Z"}, {"advisory": "RHSA-2014:1025", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "kernel-0:2.6.32-220.54.1.el6", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2014-08-06T00:00:00Z"}, {"advisory": "RHSA-2014:0925", "cpe": "cpe:/o:redhat:rhel_eus:6.4", "package": "kernel-0:2.6.32-358.46.2.el6", "product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support", "release_date": "2014-07-23T00:00:00Z"}, {"advisory": "RHSA-2014:0923", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-123.4.4.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-07-23T00:00:00Z"}], "bugzilla": {"description": "kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt()", "id": "1119458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119458"}, "csaw": false, "cvss": {"cvss_base_score": "7.2", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status": "verified"}, "details": ["The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.", "A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system."], "mitigation": {"lang": "en:us", "value": "For Red Hat Enterprise Linux 6 do --\n]# echo \"install pppol2tp /bin/true\" > /etc/modprobe.d/pppol2tp.conf\nFor Red Hat Enterprise Linux 7 do --\n]# echo \"install l2tp_ppp /bin/true\" > /etc/modprobe.d/l2t_pppp.conf\nOr, alternatively, when pppol2tp/l2tp_ppp module can't be blacklisted and needs\nto be loaded, you can use the following systemtap script --\n1) On the host, save the following in a file with the \".stp\" extension --\nprobe module(\"*l2tp*\").function(\"pppol2tp_*etsockopt\").call {\n$level = 273;\n}\n2) Install the \"systemtap\" package and any required dependencies. Refer to\nthe \"2. Using SystemTap\" chapter in the Red Hat Enterprise Linux 6\n\"SystemTap Beginners Guide\" document, available from docs.redhat.com, for\ninformation on installing the required -debuginfo packages.\n3) Run the \"stap -g [filename-from-step-1].stp\" command as root.\nIf the host is rebooted, the changes will be lost and the script must be\nrun again.\nAlternatively, build the systemtap script on a development system with\n\"stap -g -p 4 [filename-from-step-1].stp\", distribute the resulting kernel\nmodule to all affected systems, and run \"staprun -L <module>\" on those.\nWhen using this approach only systemtap-runtime package is required on the\naffected systems. Please notice that the kernel version must be the same across\nall systems."}, "name": "CVE-2014-4943", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2014-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-4943\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4943"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG 2.\nPlease note that on Red Hat Enterprise Linux 6 pppol2tp module is not\nautomatically loaded when AF_PPPOX/PX_PROTO_OL2TP socket is created as\nRed Hat Enterprise Linux 6 lacks upstream commit 9395a09d05a23bb and default\nmodprobe configuration as shipped with module-init-tools package does not\ncontain the alias for pppol2tp protocol either. As a result, pppol2tp module\nhas to be explicitly enabled and/or loaded by the system administrator.", "threat_severity": "Important"}