Vulnerability Details CVE-2017-7397
BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports "It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.218
EPSS Ranking 95.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.exploitalert.com/view-details.html?id=26361
- https://backbox.org/portal/blog/false-cve-backbox-46-unmasked
- https://cxsecurity.com/issue/WLB-2017040001
- https://forum.backbox.org/security-advisories/waiting-verification-backbox-os-denial-of-service/msg10218
- https://www.exploit-db.com/exploits/41781/
- http://www.exploitalert.com/view-details.html?id=26361
- https://backbox.org/portal/blog/false-cve-backbox-46-unmasked
- https://cxsecurity.com/issue/WLB-2017040001
- https://forum.backbox.org/security-advisories/waiting-verification-backbox-os-denial-of-service/msg10218
- https://www.exploit-db.com/exploits/41781/
Products affected by CVE-2017-7397
-
cpe:2.3:o:backbox:backbox_linux:4.6