Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
785
VMScore

CVE-2017-5972

Published: 14/02/2017 Updated: 31/07/2020
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Linux Kernel

Vulnerability Summary

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote malicious users to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Red Hat: CVE-2017-5972
The TCP stack in the Linux kernel 3x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3100 package in CentOS Linux 7 NOTE: third par ...

Exploits

Exploit DB: Linux Kernel 3.10.0 (CentOS7) - Denial of Service
##### #Exploit Title: CentOS7 Kernel Crashing by rsyslog daemon vulnerability | DOS on CentOS7 #Exploit Author: Hosein Askari (FarazPajohan) #Vendor HomePage: wwwcentosorg/ #Version : 7 #Tested on: Parrot OS #Date: 12-2-2017 #Category: Operating System #Vulnerable Daemon: RSYSLOG #Author Mail :hoseinaskari@aolcom #Description: #The Cent ...

References

CWE-400https://githubengineering.com/syn-flood-mitigation-with-synsanity/https://cxsecurity.com/issue/WLB-2017020112http://www.securityfocus.com/bid/96231https://www.exploit-db.com/exploits/41350/https://security-tracker.debian.org/tracker/CVE-2017-5972https://bugzilla.redhat.com/show_bug.cgi?id=1422081https://access.redhat.com/security/cve/cve-2017-5972https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.htmlhttp://seclists.org/oss-sec/2017/q1/573https://nvd.nist.govhttps://www.exploit-db.com/exploits/41350/https://access.redhat.com/security/cve/cve-2017-5972
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook