CVE-2016-3707

Current Description

The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.

Basic Data

PublishedJune 27, 2016
Last ModifiedNovember 28, 2016
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-284
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack VectorNETWORK
CVSS 3 - Attack ComplexityHIGH
CVSS 3 - Privileges RequiredNONE
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactHIGH
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score8.1
CVSS 3 - Base SeverityHIGH
Exploitability Score2.2
Base SeverityHIGH

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel-rt********3.10.0
    2.3OSRedhatEnterprise Linux For Real Time7*******
    2.3OSRedhatEnterprise Linux For Real Time For Nfv7*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSNovellSuse Linux Enterprise Real Time Extension12.0sp1******

Vulnerable Software List

VendorProductVersions
Novell Suse Linux Enterprise Real Time Extension 12.0
Redhat Enterprise Linux For Real Time 7
Redhat Enterprise Linux For Real Time For Nfv 7
Linux Linux Kernel-rt *

References

NameSourceURLTags
SUSE-SU-2016:1764http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.htmlSUSEThird Party Advisory
SUSE-SU-2016:1937http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlSUSEThird Party Advisory
SUSE-SU-2016:1985http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.htmlSUSE
[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo requesthttp://www.openwall.com/lists/oss-security/2016/05/17/1MLIST
RHSA-2016:1301https://access.redhat.com/errata/RHSA-2016:1301REDHATThird Party Advisory
RHSA-2016:1341https://access.redhat.com/errata/RHSA-2016:1341REDHATThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1327484https://bugzilla.redhat.com/show_bug.cgi?id=1327484CONFIRMIssue Tracking