Remote Command Execution Vulnerability in Linux Kernel RT Package by Red Hat
CVE-2016-3707

8.1HIGH

Key Information:

Vendor
Linux
Status
Linux Kernel-rt
Enterprise Linux For Real Time
Enterprise Linux For Real Time For Nfv
Vendor
CVE Published:
27 June 2016

Summary

The icmp_check_sysrq function in the Linux kernel RT package allows remote attackers to execute arbitrary SysRq commands through specially crafted ICMP Echo Request packets. This can occur via brute-force attempts to guess a specific cookie or by exploiting access to local ICMP echo request configuration files. Such vulnerabilities can lead to significant security risks, enabling attackers to manipulate the kernel and perform unauthorized actions.

References

https://access.redhat.com/errata/RHSA-2016:1341
vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1301
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.