Bug 1327484 (CVE-2016-3707) - CVE-2016-3707 kernel-rt: Sending SysRq command via ICMP echo request
Summary: CVE-2016-3707 kernel-rt: Sending SysRq command via ICMP echo request
Status: CLOSED ERRATA
Alias: CVE-2016-3707
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20160517,repor...
Keywords: Security
Depends On: 1331240 1331241 1331242
Blocks: 1327486
TreeView+ depends on / blocked
 
Reported: 2016-04-15 08:35 UTC by Adam Mariš
Modified: 2019-06-08 21:07 UTC (History)
26 users (show)

(edit)
A flaw was found in the way the realtime kernel processed specially crafted ICMP echo requests. A remote attacker could use this flaw to trigger a sysrql function based on values in the ICMP packet, allowing them to remotely restart the system. Note that this feature is not enabled by default and requires elevated privileges to be configured.
Clone Of:
(edit)
Last Closed: 2016-06-24 11:02:00 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1301 normal SHIPPED_LIVE Important: kernel-rt security, bug fix, and enhancement update 2016-06-23 20:15:04 UTC
Red Hat Product Errata RHSA-2016:1341 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2016-06-27 14:02:50 UTC

Description Adam Mariš 2016-04-15 08:35:13 UTC
A flaw was found in the kernel-rt in which an attacker could submit a specially crafted ICMP echo request which can trigger a sysrq function based on values in the ICMP packet.

This feature was introduced in the kernel-rt only and is not shipping with standard Red Hat Enterprise Linux kernels.

Remote attacker could exploit this feature using bruteforce to submit arbitrary SysRq commands.

Resources:
https://www.kernel.org/pub/linux/kernel/projects/rt/4.4/patch-4.4.7-rt16.patch.gz

Upstream discussion:
https://lwn.net/Articles/448790/

CVE request:
http://seclists.org/oss-sec/2016/q2/349

Comment 3 Wade Mealing 2016-04-29 13:16:30 UTC
Statement:

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7.

This issue affects the Linux kernel-rt packages as shipped with Red Hat Enterprise Linux 7 and MRG-2  and may be addressed in a future update.

Comment 6 errata-xmlrpc 2016-06-23 16:30:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1301 https://access.redhat.com/errata/RHSA-2016:1301

Comment 7 errata-xmlrpc 2016-06-27 10:03:53 UTC
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2016:1341 https://access.redhat.com/errata/RHSA-2016:1341


Note You need to log in before you can comment on or make changes to this bug.