CVE-2017-7397 - OpenCVE

BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports "It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Backbox	Backbox Linux

Configuration 1 [-]

cpe:2.3:o:backbox:backbox_linux:4.6:*:*:*:*:*:*:*

References

Link	Resource
http://www.exploitalert.com/view-details.html?id=26361	Exploit Third Party Advisory
https://backbox.org/portal/blog/false-cve-backbox-46-unmasked	Vendor Advisory
https://cxsecurity.com/issue/WLB-2017040001	Exploit Third Party Advisory
https://forum.backbox.org/security-advisories/waiting-verification-backbox-os-denial-of-service/msg10218	Vendor Advisory
https://www.exploit-db.com/exploits/41781/	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-03T20:00:00

Updated: 2017-04-07T14:57:01

Reserved: 2017-03-31T00:00:00

Link: CVE-2017-7397

JSON object: View

NVD Information

Status : Modified

Published: 2017-04-03T20:59:00.200

Modified: 2024-05-17T01:19:47.683

Link: CVE-2017-7397

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-03T00:00:00", "descriptions": [{"lang": "en", "value": "BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports \"It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-07T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.exploitalert.com/view-details.html?id=26361"}, {"tags": ["x_refsource_MISC"], "url": "https://backbox.org/portal/blog/false-cve-backbox-46-unmasked"}, {"tags": ["x_refsource_MISC"], "url": "https://cxsecurity.com/issue/WLB-2017040001"}, {"tags": ["x_refsource_MISC"], "url": "https://forum.backbox.org/security-advisories/waiting-verification-backbox-os-denial-of-service/msg10218"}, {"name": "41781", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41781/"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7397", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports \"It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.exploitalert.com/view-details.html?id=26361", "refsource": "MISC", "url": "http://www.exploitalert.com/view-details.html?id=26361"}, {"name": "https://backbox.org/portal/blog/false-cve-backbox-46-unmasked", "refsource": "MISC", "url": "https://backbox.org/portal/blog/false-cve-backbox-46-unmasked"}, {"name": "https://cxsecurity.com/issue/WLB-2017040001", "refsource": "MISC", "url": "https://cxsecurity.com/issue/WLB-2017040001"}, {"name": "https://forum.backbox.org/security-advisories/waiting-verification-backbox-os-denial-of-service/msg10218", "refsource": "MISC", "url": "https://forum.backbox.org/security-advisories/waiting-verification-backbox-os-denial-of-service/msg10218"}, {"name": "41781", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41781/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7397", "datePublished": "2017-04-03T20:00:00", "dateReserved": "2017-03-31T00:00:00", "dateUpdated": "2017-04-07T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:backbox:backbox_linux:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2A3B80AA-BB59-4520-AB3F-073AF41D1CB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports \"It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions."}, {"lang": "es", "value": "** DISPUTADA ** BackBox Linux 4.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU ksoftirqd) a trav\u00e9s de una inundaci\u00f3n de paquetes con direcciones IP de origen Martian (tal como se define en el RFC 1812 secci\u00f3n 5.3.7). Este producto habilita net.ipv4.conf.all.log_martians por defecto. NOTA: el proveedor reporta \"Se ha demostrado que esta vulnerabilidad no tiene fundamento y es totalmente falsa y basada en suposiciones falsas\"."}], "id": "CVE-2017-7397", "lastModified": "2024-05-17T01:19:47.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-03T20:59:00.200", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.exploitalert.com/view-details.html?id=26361"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://backbox.org/portal/blog/false-cve-backbox-46-unmasked"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cxsecurity.com/issue/WLB-2017040001"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://forum.backbox.org/security-advisories/waiting-verification-backbox-os-denial-of-service/msg10218"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41781/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}