CVE-2016-3707 - OpenCVE

The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux For Real Time For Nfv Enterprise Linux For Real Time
Linux	Linux Kernel-rt
Novell	Suse Linux Enterprise Real Time Extension

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel-rt::::::::
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:::::::*

Configuration 2 [-]

cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
http://www.openwall.com/lists/oss-security/2016/05/17/1
https://access.redhat.com/errata/RHSA-2016:1301	Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1341	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1327484	Issue Tracking

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-06-27T10:00:00

Updated: 2016-11-25T20:57:01

Reserved: 2016-03-30T00:00:00

Link: CVE-2016-3707

JSON object: View

NVD Information

Status : Modified

Published: 2016-06-27T10:59:04.563

Modified: 2023-02-12T23:19:07.967

Link: CVE-2016-3707

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2016:1341", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1341"}, {"name": "SUSE-SU-2016:1985", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"name": "RHSA-2016:1301", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1301"}, {"name": "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1"}, {"name": "SUSE-SU-2016:1764", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484"}, {"name": "SUSE-SU-2016:1937", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-3707", "datePublished": "2016-06-27T10:00:00", "dateReserved": "2016-03-30T00:00:00", "dateUpdated": "2016-11-25T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel-rt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E86CD217-1B09-4319-8C00-8430767D2A90", "versionEndIncluding": "3.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*", "matchCriteriaId": "C2B15608-BABC-4663-A58F-B74BD2D1A734", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*", "matchCriteriaId": "36E85B24-30F2-42AB-9F68-8668C0FCC5E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "B2905A9C-3E00-4188-8341-E5C2F62EF405", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file."}, {"lang": "es", "value": "La funci\u00f3n icmp_check_sysrq en net/ipv4/icmp.c en los kernel.org projects/rt patches para el kernel de Linux, tal como se utiliza en el paquete kernel-rt en versiones anteriores a 3.10.0-327.22.1 en Red Hat Enterprise Linux for Real Time 7 y otros productos, permite a atacantes remotos ejecutar comandos SysRq a trav\u00e9s de paquetes ICMP Echo Request manipulados, como demuestra un ataque de fuerza bruta para descubrir una cookie, o un ataque que ocurra despu\u00e9s de leer el archivo local icmp_echo_sysrq."}], "id": "CVE-2016-3707", "lastModified": "2023-02-12T23:19:07.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-27T10:59:04.563", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:1301"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:1341"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}