CVE-2016-3707

CWE-284 — Improper Access Control CWE-312 — Cleartext Storage of Sensitive Info7 documents7 sources

Severity

8.1HIGH

EPSS

1.8%

top 17.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel-rt Novell Suse Linux Enterprise Real Time Extension Redhat Enterprise Linux FOR Real Time +1 more

Timeline

PublishedJun 27

Latest updateMay 17

Description

The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel-rt3.10.0

▶NVDnovell/suse_linux_enterprise_real_time_extension12.0

▶Debianlinux< 3.15~rc5-1~exp1+3

Also affects: Enterprise Linux 7

🔴Vulnerability Details

GHSA

GHSA-558g-x28c-wmj6: The icmp_check_sysrq function in net/ipv4/icmp↗2022-05-17

▶

CVEList

CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp↗2016-06-27

▶

OSV

CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp↗2016-06-27

▶

📋Vendor Advisories

Red Hat

kernel-rt: Sending SysRq command via ICMP echo request↗2016-05-17

▶

Debian

CVE-2016-3707: linux - The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt p...↗2016

▶

💬Community

Bugzilla

CVE-2016-3707 kernel-rt: Sending SysRq command via ICMP echo request↗2016-04-15

▶