Waiting verification - BackBox OS - Denial of Service

Started by cads, April 06, 2017, 05:33:36 AM

cads


ostendali

#1
Hi there,
we were informed about this yesterday by one of our members, who posted the same question, and the whole BackBox core team was focused on trying to verify the case.

First of all, CVE registration requires (among other things) that the vendor be notified in order to acknowledge the case, and this didn't happen. The author of the exploit did not reach out to us, nor did any of his associates attempt to get in touch with us in relation to this discovery.

That said, as I mentioned earlier, our team was testing the exploit in order to confirm the statement published at:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7397

We have performed several tests on both BackBox 4.6 and the latest stable release 4.7 and the result was absolutely negative. The system did not have any crash or even smaller CPU consumption.

Therefore we have opened a dispute with Mitre (which you can now find on the CVE page) to declare the author's statement totally false, without foundations and proof of concept.

We would like to invite anyone, including the author, to prove us otherwise. As everyone knows, and as we state whenever we get a chance, we are a Free Open Source Software Community, and as such we will be delighted if someone reports bugs and/or vulnerabilities in our system to us. This is what a community is made for, in the end.

But in this particular case I regrettably have to declare that the author of CVE-2017-7397 published false information, besides the fact that he used an old recycled exploit which can be found at:

   https://www.exploit-db.com/exploits/41350/

It is fake based on his own comments in the CVE with particular reference to RFC1812.

   https://tools.ietf.org/html/rfc1812


I am just going to take a snippet from RFC1812, an introductory paragraph:


 This memo defines and discusses requirements for devices that perform
 the network layer forwarding function of the Internet protocol suite.
 The Internet community usually refers to such devices as IP routers or
 simply routers; The OSI community refers to such devices as
 intermediate systems.  Many older Internet documents refer to these
 devices as gateways, a name which more recently has largely passed out
 of favor to avoid confusion with application gateways.

 An IP router can be distinguished from other sorts of packet switching
 devices in that a router examines the IP protocol header as part of
 the switching process.  It generally removes the Link Layer header a
 message was received with, modifies the IP header, and replaces the
 Link Layer header for retransmission.


There is no need to even comment on anything here; it clearly mentions and states that it refers to the network layer and, more specifically, routers. So the author of the CVE must be living in some dreams ;D.

We, the BackBox Team, will produce a full article with screenshots/steps and publish it on our blog.

We will provide the link as soon as we place the article.

Thanks

BackBox Team

cads

Thanks for the quick feedback.

Good Job!

Best regards.