Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2017-18017

Disclosure Date: January 03, 2018
CVE-2017-18017 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • arista,
  • canonical,
  • debian,
  • f5,
  • linux,
  • openstack,
  • opensuse,
  • redhat,
  • suse

Products

  • arx,
  • caas platform,
  • cloud magnum orchestration 7,
  • debian linux 7.0,
  • debian linux 8.0,
  • enterprise linux desktop 6.0,
  • enterprise linux desktop 7.0,
  • enterprise linux eus 7.3,
  • enterprise linux eus 7.4,
  • enterprise linux eus 7.6,
  • enterprise linux eus 7.7,
  • enterprise linux for real time 7,
  • enterprise linux for real time for nfv 7,
  • enterprise linux server 6.0,
  • enterprise linux server 7.0,
  • enterprise linux server aus 7.3,
  • enterprise linux server aus 7.4,
  • enterprise linux server aus 7.6,
  • enterprise linux server aus 7.7,
  • enterprise linux server tus 7.3,
  • enterprise linux server tus 7.4,
  • enterprise linux server tus 7.6,
  • enterprise linux server tus 7.7,
  • enterprise linux workstation 6.0,
  • enterprise linux workstation 7.0,
  • eos 4.20.1fx-virtual-router,
  • leap 42.3,
  • linux enterprise debuginfo 11,
  • linux enterprise desktop 12,
  • linux enterprise high availability 12,
  • linux enterprise high availability extension 11,
  • linux enterprise live patching 12,
  • linux enterprise module for public cloud 12,
  • linux enterprise point of sale 11,
  • linux enterprise real time extension 11,
  • linux enterprise real time extension 12,
  • linux enterprise server 11,
  • linux enterprise server 12,
  • linux enterprise software development kit 11,
  • linux enterprise software development kit 12,
  • linux enterprise workstation extension 12,
  • linux kernel,
  • mrg realtime 2.0,
  • openstack cloud 6,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04

References

Canonical
CVE-2017-18017 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18017)
BID-102367 (http://www.securityfocus.com/bid/102367)
Advisory
DSA-4187 (https://www.debian.org/security/2018/dsa-4187)
USN-3583-2 (https://usn.ubuntu.com/3583-2)
https://access.redhat.com/errata/RHSA-2018:1737
https://access.redhat.com/errata/RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1319
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
USN-3583-1 (https://usn.ubuntu.com/3583-1)
https://access.redhat.com/errata/RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:1170
https://access.redhat.com/errata/RHSA-2018:1130
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html)
USN-3583-2 (https://usn.ubuntu.com/3583-2/)
USN-3583-1 (https://usn.ubuntu.com/3583-1/)
SUSE-SU-2018:0834 (http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html)
SUSE-SU-2018:0848 (http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html)
SUSE-SU-2018:0383 (http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html)
USN-3583-1 (http://www.ubuntu.com/usn/USN-3583-1)
https://support.f5.com/csp/article/K18352029
SUSE-SU-2018:0555 (http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html)
openSUSE-SU-2018:0408 (http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html)
SUSE-SU-2018:0986 (http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html)
SUSE-SU-2018:0416 (http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html)
SUSE-SU-2018:0482 (http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html)
SUSE-SU-2018:0841 (http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html)
USN-3583-2 (http://www.ubuntu.com/usn/USN-3583-2)
SUSE-SU-2018:0660 (http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html)
Miscellaneous
http://patchwork.ozlabs.org/patch/746618
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36
https://lkml.org/lkml/2017/4/2/13
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765
https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=2638fd0f92d4397884fd991d8f4925cb3f081901
http://patchwork.ozlabs.org/patch/746618/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901
https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis