CVE-2014-4943
Title: Redhat Enterprise Linux Server Aus Auth Bypass
Auth Bypass
Proof Of Concept
PoC Available for CVE-2014-4943
CWE Category
CWE-269
Published Date
Jul 19, 2014
Modified Date
May 06, 2026
Exploit Status
Available
Score
6.9
CVSS v2.0
Exploit Probability (EPSS)
1.03%
Vulnerability Summary
CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
Impacted Vendors
Reference Links
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
http://linux.oracle.com/errata/ELSA-2014-0924.html
http://linux.oracle.com/errata/ELSA-2014-3047.html
http://linux.oracle.com/errata/ELSA-2014-3048.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://openwall.com/lists/oss-security/2014/07/17/1
http://osvdb.org/show/osvdb/109277
http://rhn.redhat.com/errata/RHSA-2014-1025.html
http://secunia.com/advisories/59790
http://secunia.com/advisories/60011
http://secunia.com/advisories/60071
http://secunia.com/advisories/60220
http://secunia.com/advisories/60380
http://secunia.com/advisories/60393
http://www.debian.org/security/2014/dsa-2992
http://www.exploit-db.com/exploits/36267
http://www.securitytracker.com/id/1030610
https://bugzilla.redhat.com/show_bug.cgi?id=1119458
https://exchange.xforce.ibmcloud.com/vulnerabilities/94665
https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
http://linux.oracle.com/errata/ELSA-2014-0924.html
http://linux.oracle.com/errata/ELSA-2014-3047.html
http://linux.oracle.com/errata/ELSA-2014-3048.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://openwall.com/lists/oss-security/2014/07/17/1
http://osvdb.org/show/osvdb/109277
http://rhn.redhat.com/errata/RHSA-2014-1025.html
http://secunia.com/advisories/59790
http://secunia.com/advisories/60011
http://secunia.com/advisories/60071
http://secunia.com/advisories/60220
http://secunia.com/advisories/60380
http://secunia.com/advisories/60393
http://www.debian.org/security/2014/dsa-2992
http://www.exploit-db.com/exploits/36267
http://www.securitytracker.com/id/1030610
https://bugzilla.redhat.com/show_bug.cgi?id=1119458
https://exchange.xforce.ibmcloud.com/vulnerabilities/94665
https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
CVSS v2.0
Source Entity
[email protected]
Severity
MEDIUM
6.9
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:L/AC:M/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2014-4943 Exploits & PoCs (Proof Of Concept)
Exploit-DB
https://www.exploit-db.com/exploits/36267
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:L/AC:M/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.