{
  "threat_severity" : "Moderate",
  "public_date" : "2014-09-25T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: iptables restriction bypass if a protocol handler kernel module not loaded",
    "id" : "1182059",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1182059"
  },
  "cvss" : {
    "cvss_base_score" : "5.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
    "status" : "verified"
  },
  "details" : [ "net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.", "A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-03-11T00:00:00Z",
    "advisory" : "RHSA-2015:0674",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-504.12.2.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.5 Extended Update Support",
    "release_date" : "2015-03-03T00:00:00Z",
    "advisory" : "RHSA-2015:0284",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.5",
    "package" : "kernel-0:2.6.32-431.50.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHSA-2015:0290",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-229.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Under investigation",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-8160\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8160" ],
  "name" : "CVE-2014-8160",
  "csaw" : false
}