Vulnerability CVE-2016-3707

Vulnerability Name:

CVE-2016-3707 (CCN-113379)

Assigned:

2016-05-17

Published:

2016-05-17

Updated:

2023-02-12

Summary:

The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

7.1 High (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-312

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2016-3707

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2016-1301
Important: kernel-rt security, bug fix, and enhancement update

Source: CCN
Type: RHSA-2016-1341
Important: kernel-rt security and bug fix update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 1327484
(CVE-2016-3707) CVE-2016-3707 kernel-rt: Sending SysRq command via ICMP echo request

Source: secalert@redhat.com
Type: Issue Tracking
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-kernel-cve20163707-dos(113379)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-3707

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:14843	P	bind-9.11.2-3.10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14746	P	python-imaging-1.1.7-21.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15133	P	p7zip-9.20.1-7.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15105	P	libxcb-dri2-0-1.10-4.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15031	P	libmspack0-0.4-14.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14773	P	strongswan-5.1.3-26.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14739	P	ppc64-diag-2.7.4-1.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15117	P	mailman-2.1.17-3.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15059	P	libpulse-mainloop-glib0-32bit-5.0-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14937	P	kernel-default-4.12.14-120.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14747	P	python-libxml2-2.9.4-46.15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15106	P	libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15032	P	libmusicbrainz4-2.1.5-27.79 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14913	P	gstreamer-plugins-base-1.8.3-13.3.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14938	P	kernel-firmware-20190618-5.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14893	P	gd-2.1.0-24.12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14914	P	gstreamer-plugins-good-1.8.3-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14842	P	bash-4.3-83.23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15132	P	ovmf-2017+git1510945757.b2662641d5-3.16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14894	P	gdk-pixbuf-lang-2.34.0-19.17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14772	P	squidGuard-1.4-30.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14738	P	powerpc-utils-1.3.5-3.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15116	P	logwatch-7.4.3-15.65 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15058	P	libproxy1-0.4.13-16.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:20163707	V	CVE-2016-3707	2021-06-25
oval:org.opensuse.security:def:15793	P	libbz2-devel-1.0.6-27.1129 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15770	P	libQt5Bootstrap-devel-static-5.3.2-1.81 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15794	P	libcgroup-devel-0.41.rc1-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15771	P	libX11-devel-1.6.2-4.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:28286	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:28202	P	Security update for libid3tag (Moderate)	2020-12-01
oval:org.opensuse.security:def:29313	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28145	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:29277	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28061	P	Security update for evince (Moderate)	2020-12-01
oval:org.opensuse.security:def:27858	P	Security update for postgresql91	2020-12-01
oval:org.opensuse.security:def:28639	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:28540	P	Security update for curl	2020-12-01
oval:org.opensuse.security:def:27933	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27857	P	Security update for postgresql91	2020-12-01
oval:org.opensuse.security:def:28595	P	Security update for PostgreSQL	2020-12-01
oval:org.opensuse.security:def:28491	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:27869	P	Security update for python-logilab-common	2020-12-01
oval:org.opensuse.security:def:28579	P	Security update for poppler	2020-12-01
oval:org.opensuse.security:def:28438	P	Security update for xen (Important)	2020-12-01
oval:com.redhat.rhsa:def:20161301	P	RHSA-2016:1301: kernel-rt security, bug fix, and enhancement update (Important)	2016-06-23

BACK