CVE-2017-5972
published 2017-02-14CVE-2017-5972: The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows…
PriorityP358high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
23.89%
97.5th percentile
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.4.2-1 (bookworm) | linux 4.4.2-1 (bookworm) |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | 3.0.0 – 3.19.8 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f37r-2v2w-7r8w: The TCP stack in the Linux kernel 3
ghsa_unreviewed·2022-05-13
CVE-2017-5972 [HIGH] CWE-400 GHSA-f37r-2v2w-7r8w: The TCP stack in the Linux kernel 3
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.
OSV
CVE-2017-5972: The TCP stack in the Linux kernel 3
osv·2017-02-14·CVSS 7.5
CVE-2017-5972 [HIGH] CVE-2017-5972: The TCP stack in the Linux kernel 3
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.
Red Hat
kernel: SYN cookie protection mechanism not properly implemented
vendor_redhat·2017-02-12·CVSS 7.5
CVE-2017-5972 [HIGH] CWE-400 kernel: SYN cookie protection mechanism not properly implemented
kernel: SYN cookie protection mechanism not properly implemented
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.
Statement: This issue affects Red Hat Enterprise Linux 5,6, 7 and MRG-2 kernels. Red Hat has no plans to fix this issue at this time.
While performance enhancements have been made upstream, Red Hat Product Security believes the report to be invalid and able to
Debian
CVE-2017-5972: linux - The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie p...
vendor_debian·2017·CVSS 7.5
CVE-2017-5972 [HIGH] CVE-2017-5972: linux - The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie p...
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.
Scope: local
bookworm: resolved (fixed in 4.4.2-1)
bullseye: resolved (fixed in 4.4.2-1)
forky: resolved (fixed in 4.4.2-1)
sid: resolved (fixed in 4.4.2-1)
trixie: resolved (fixed in 4.4.2-1)
No detection rules found.
http://seclists.org/oss-sec/2017/q1/573http://www.securityfocus.com/bid/96231https://access.redhat.com/security/cve/cve-2017-5972https://bugzilla.redhat.com/show_bug.cgi?id=1422081https://cxsecurity.com/issue/WLB-2017020112https://githubengineering.com/syn-flood-mitigation-with-synsanity/https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.htmlhttps://security-tracker.debian.org/tracker/CVE-2017-5972https://www.exploit-db.com/exploits/41350/http://seclists.org/oss-sec/2017/q1/573http://www.securityfocus.com/bid/96231https://access.redhat.com/security/cve/cve-2017-5972https://bugzilla.redhat.com/show_bug.cgi?id=1422081https://cxsecurity.com/issue/WLB-2017020112https://githubengineering.com/syn-flood-mitigation-with-synsanity/https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.htmlhttps://security-tracker.debian.org/tracker/CVE-2017-5972https://www.exploit-db.com/exploits/41350/
2017-02-14
Published