CVE-2019-11360
Publication date 12 July 2019
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.
Status
Package | Ubuntu Release | Status |
---|---|---|
iptables | 20.04 LTS focal |
Not affected
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
Notes
mdeslaur
To exploit this, you would need to trick someone into restoring a set of iptables rules from a malicious iptables-save file. This is quite an unlikely scenario. Reproducer doesn’t work on xenial and bionic, like an issue in 1.8.2 only.
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Local |
Attack complexity | Low |
Privileges required | High |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |