
CVE-2014-4943

Published: 19/07/2014 Updated: 19/01/2024
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 700
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel up to and including 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

Vulnerable Products

Linux: Linux kernel

SUSE: Linux Enterprise Desktop 11

SUSE: Linux Enterprise Server 11

openSUSE: openSUSE 11.4

Red Hat: Enterprise Linux Server AUS 6.2

Debian: Debian Linux 7.0

Vendor Advisories

Debian Bug report logs - #728705 gdb fails on s390x with "Couldn't write registers: Invalid argument". Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Affects: gdb. Reported by: Thibaut Paumard <thibaut@debian.org>. Date: Mon, 4 Nov 2013 13:45:02 UTC. Severity: importa ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-3534 Martin Schwidefsky of IBM discovered that the ptrace subsystem does not properly sanitize the psw mask value. On s390 systems, an unprivileged local user could use this flaw to set address space ...
A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system ...
Several security issues were fixed in the kernel ...

Exploits

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a POC to reproduce the vulnerability. No exploitation here, just a simple kernel panic ...
/* ---------------------------------------------------------------------------------------------------- * cve-2014-4943_poc.c * * The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure * differences between an l2tp socket and an inet socket * * Thi ...
/* Socket Re-use Combo for linux x86 systems by ZadYree -- 50 bytes * <zadyree@tuxfamily.org> * * Made using sockfd trick + dup2(0,0), dup2(0,1), dup2(0,2) + * execve /bin/sh * * Thanks: Charles Stevenson, ipv, 3LRVS research team * * gcc -o socket_reuse socket_reuse.c -z execstack */ char shellcode[]= /* We use sys_dup(2) to get th ...

GitHub Repositories

Study and presentation of the CVE-2014-4943 bug for the MAC0448 course

CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. CVSS v2 Base Score: 6.9 (MEDIUM)

References

CWE-269
http://openwall.com/lists/oss-security/2014/07/17/1
https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
https://bugzilla.redhat.com/show_bug.cgi?id=1119458
http://secunia.com/advisories/60393
http://secunia.com/advisories/60011
http://linux.oracle.com/errata/ELSA-2014-0924.html
http://linux.oracle.com/errata/ELSA-2014-3047.html
http://secunia.com/advisories/60071
http://linux.oracle.com/errata/ELSA-2014-3048.html
http://secunia.com/advisories/60220
http://secunia.com/advisories/60380
http://www.securitytracker.com/id/1030610
http://www.debian.org/security/2014/dsa-2992
http://rhn.redhat.com/errata/RHSA-2014-1025.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
http://www.exploit-db.com/exploits/36267
http://osvdb.org/show/osvdb/109277
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://secunia.com/advisories/59790
https://exchange.xforce.ibmcloud.com/vulnerabilities/94665
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728705
https://nvd.nist.gov
https://github.com/redes-2015/l2tp-socket-bug
https://www.exploit-db.com/exploits/36267/
https://access.redhat.com/security/cve/cve-2014-4943
https://www.debian.org/security/./dsa-2992
https://usn.ubuntu.com/2281-1/