CVE-2017-5972

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 14-02-2017 07:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

Reference

https://githubengineering.com/syn-flood-mitigation-with-synsanity/
https://cxsecurity.com/issue/WLB-2017020112
96231-Third Party Advisory, VDB Entry
41350-Third Party Advisory, VDB Entry
https://security-tracker.debian.org/tracker/CVE-2017-5972
https://bugzilla.redhat.com/show_bug.cgi?id=1422081
https://access.redhat.com/security/cve/cve-2017-5972
https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html
http://seclists.org/oss-sec/2017/q1/573

Keywords

CVE-2017-5972

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2017-5972

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures