Upstream information

CVE-2016-3707 at MITRE

Description

The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.82
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
CVSS v3 Scores
  National Vulnerability Database
Base Score 8.1
Vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Access Vector Network
Access Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
SUSE Bugzilla entry: 980246 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Real Time Extension 11 SP4
  • kernel-rt >= 3.0.101.rt130-57.1
  • kernel-rt-base >= 3.0.101.rt130-57.1
  • kernel-rt-devel >= 3.0.101.rt130-57.1
  • kernel-rt_trace >= 3.0.101.rt130-57.1
  • kernel-rt_trace-base >= 3.0.101.rt130-57.1
  • kernel-rt_trace-devel >= 3.0.101.rt130-57.1
  • kernel-source-rt >= 3.0.101.rt130-57.1
  • kernel-syms-rt >= 3.0.101.rt130-57.1
Patchnames:
slertesp4-linux-kernel-12681
SUSE Linux Enterprise Real Time Extension 12 SP1
  • kernel-compute >= 3.12.61-60.18.1
  • kernel-compute-base >= 3.12.61-60.18.1
  • kernel-compute-devel >= 3.12.61-60.18.1
  • kernel-compute_debug >= 3.12.61-60.18.1
  • kernel-compute_debug-devel >= 3.12.61-60.18.1
  • kernel-devel-rt >= 3.12.61-60.18.1
  • kernel-rt >= 3.12.61-60.18.1
  • kernel-rt-base >= 3.12.61-60.18.1
  • kernel-rt-devel >= 3.12.61-60.18.1
  • kernel-rt_debug >= 3.12.61-60.18.1
  • kernel-rt_debug-devel >= 3.12.61-60.18.1
  • kernel-source-rt >= 3.12.61-60.18.1
  • kernel-syms-rt >= 3.12.61-60.18.1
Patchnames:
SUSE-SLE-RT-12-SP1-2016-1038
SUSE-SLE-RT-12-SP1-2016-1133