Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2015-8787

Disclosure Date: February 08, 2016 •

CVE-2015-8787 CVSS v3 Base Score: 9.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2015-8787 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8787)

Advisory

[oss-security] 20160127 CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function (http://www.openwall.com/lists/oss-security/2016/01/27/6)

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

https://github.com/torvalds/linux/commit/94f9cd81436c85d8c3a318ba92e236ede73752fc

USN-2890-3 (http://www.ubuntu.com/usn/USN-2890-3)

USN-2889-1 (http://www.ubuntu.com/usn/USN-2889-1)

USN-2889-2 (http://www.ubuntu.com/usn/USN-2889-2)

FEDORA-2016-5d43766e33 (http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html)

USN-2890-2 (http://www.ubuntu.com/usn/USN-2890-2)

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

USN-2890-1 (http://www.ubuntu.com/usn/USN-2890-1)

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html

https://bugzilla.redhat.com/show_bug.cgi?id=1300731

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=94f9cd81436c85d8c3a318ba92e236ede73752fc

FEDORA-2016-2f25d12c51 (http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html)

Rapid7

Technical Analysis