Think you have a false positive on this rule?

Sid 1-40063

Message

OS-LINUX Linux Kernel Challenge ACK provocation attempt

Summary

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

Impact

CVSS base score 4.8 CVSS impact score 2.5 CVSS exploitability score 2.2 confidentialityImpact NONE integrityImpact LOW availabilityImpact LOW

CVE-2016-5696:

CVSS base score 4.8

CVSS impact score 2.5

CVSS exploitability score 2.2

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

CVE-2017-7285:

CVSS base score 7.5

CVSS impact score 3.6

CVSS exploitability score 3.9

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Detailed information

CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

CVE-2017-7285: A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.

Affected systems

  • oracle vm_server 3.3
  • oracle vm_server 3.4
  • google android 7.0
  • linux linux_kernel 4.6.6
  • mikrotik routeros 6.38.5

Ease of attack

CVE-2016-5696:

Access Vector

Access Complexity

Authentication

CVE-2017-7285:

Access Vector

Access Complexity

Authentication

False positives

None known

False negatives

None known

Corrective action

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References