CVE-2017-7397
published 2017-04-03CVE-2017-7397: BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as…
PriorityP347high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
11.07%
95.4th percentile
BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports "It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| backbox | backbox_linux | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect high-rate flood of packets with randomised/spoofed (Martian) source IP addresses targeting a single destination host, causing ksoftirqd CPU exhaustion on systems with net.ipv4.conf.all.log_martians enabled. ↗
- →The exploit sends raw packets (AF_INET/SOCK_RAW/IPPROTO_RAW) with fully randomised source IPs (random() used for ip_src when no class specified), TTL=255, and TOS=0x08. Monitor for raw socket creation combined with high packet rates from rapidly changing source IPs. ↗
- →ICMP flood loop sends up to 1000 packets per iteration without delay. Detect bursts of ICMP ECHO packets (icmp_type=ICMP_ECHO, icmp_code=0) with spoofed sources and fixed checksum pattern (icmp_cksum = htons(~(ICMP_ECHO << 8))). ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://www.exploitalert.com/view-details.html?id=26361https://backbox.org/portal/blog/false-cve-backbox-46-unmaskedhttps://cxsecurity.com/issue/WLB-2017040001https://forum.backbox.org/security-advisories/waiting-verification-backbox-os-denial-of-service/msg10218https://www.exploit-db.com/exploits/41781/http://www.exploitalert.com/view-details.html?id=26361https://backbox.org/portal/blog/false-cve-backbox-46-unmaskedhttps://cxsecurity.com/issue/WLB-2017040001https://forum.backbox.org/security-advisories/waiting-verification-backbox-os-denial-of-service/msg10218https://www.exploit-db.com/exploits/41781/
2017-04-03
Published