Author Topic: Waiting verification - BackBox OS - Denial of Service  (Read 50142 times)
cads
Newbie
« on: April 06, 2017, 04:33:36 AM »

Is this true?

Could anyone on the team return feedback?

https://www.exploit-db.com/exploits/41781
ostendali
Global Moderator
Hero Member
« Reply #1 on: April 06, 2017, 03:06:37 PM »

Hi there,
we were informed about this yesterday by one of our members, who posted the same question, and all of the BackBox core team was focused on trying to verify the case.

First of all, CVE registration requires (among other things) that the vendor should be notified in order to acknowledge the case, and this didn't happen. The author of the exploit did not reach out to us, nor did any of his associates attempt to get in touch with us in relation to this discovery.

That said, as I mentioned earlier, our team was testing the exploit in order to confirm the statement published at:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7397

We have performed several tests on both BackBox 4.6 and the latest stable release 4.7, and the result was absolutely negative. The system did not have any crash or even smaller CPU consumption.

Therefore we have opened a dispute with Mitre (which you can now find on the CVE page) to declare the author's statement totally false, without foundations and proof of concept.

We would like to invite anyone, including the author, to prove us otherwise. As everyone knows, and as we state whenever we get a chance, we are a Free Open Source Software community, and as such we will be delighted if someone reports bugs and/or vulnerabilities in our system to us. This is what a community is made for, in the end.

But in this particular case I regrettably have to declare that the author of CVE-2017-7397 published false information, besides the fact that he used an old recycled exploit, which can be found at:

   https://www.exploit-db.com/exploits/41350/

It is fake based on his own comments in the CVE with particular reference to RFC1812.

   https://tools.ietf.org/html/rfc1812


I am just going to take a snippet from RFC1812, an introductory paragraph:


     This memo defines and discusses requirements for devices that perform
  the network layer forwarding function of the Internet protocol suite.
  The Internet community usually refers to such devices as IP routers or
  simply routers; The OSI community refers to such devices as
  intermediate systems.  Many older Internet documents refer to these
  devices as gateways, a name which more recently has largely passed out
  of favor to avoid confusion with application gateways.

  An IP router can be distinguished from other sorts of packet switching
  devices in that a router examines the IP protocol header as part of
  the switching process.  It generally removes the Link Layer header a
  message was received with, modifies the IP header, and replaces the
  Link Layer header for retransmission.


There is no need to even comment on anything here; it clearly mentions and states that it refers to the network layer and, more specifically, routers. So the author of the CVE must be living in some dreams.

We, the BackBox Team, will produce a full article with screenshots/steps and publish it on our blog.

We will provide the link as soon as we place the article.

Thanks

BackBox Team
« Last Edit: April 06, 2017, 03:41:03 PM by ostendali »
cads
Newbie
« Reply #2 on: April 08, 2017, 03:43:23 AM »

Thanks for the quick feedback.

Good Job!

Best regards.