Google Android Kernel Networking Subsystem information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.2 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Google Android. Affected by this issue is some unknown functionality of the component Kernel Networking Subsystem. This manipulation causes information disclosure. This vulnerability is handled as CVE-2016-5696. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Google Android (Smartphone Operating System) (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Kernel Networking Subsystem. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect availability. The summary by CVE is:
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
The bug was discovered 07/11/2016. The weakness was released 10/05/2016 as Android Security Bulletin - October 2016 as confirmed security bulletin (Website). The advisory is shared at source.android.com. This vulnerability is known as CVE-2016-5696 since 06/16/2016. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1592 for this issue.
The vulnerability was handled as a non-public zero-day exploit for at least 26 days. During that time the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 93099 (CentOS 6 : kernel (CESA-2016:1664)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CentOS Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 157314 (Oracle Enterprise Linux Security Update for kernel (ELSA-2016-2574)-Deprecated).
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 40063.
The vulnerability is also documented in the databases at Tenable (93099) and SecurityFocus (BID 91704†). Entries connected to this vulnerability are available at VDB-82951, VDB-82953, VDB-82963 and VDB-82965. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.google.com/
CPE 2.3
CPE 2.2
Video
Youtube: Not available anymoreCVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.2VulDB Meta Temp Score: 4.2
VulDB Base Score: 3.7
VulDB Temp Score: 3.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 4.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 93099
Nessus Name: CentOS 6 : kernel (CESA-2016:1664)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 61470
OpenVAS Name: RedHat Update for kernel RHSA-2016:1633-01
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: git.kernel.org
Snort ID: 40063
Snort Message: OS-LINUX Linux Kernel Challenge ACK provocation attempt
Snort Class: 🔍
Suricata ID: 2023140
Suricata Class: 🔍
Suricata Message: 🔍
Timeline
06/16/2016 🔍07/11/2016 🔍
07/12/2016 🔍
08/06/2016 🔍
08/25/2016 🔍
10/05/2016 🔍
10/05/2016 🔍
10/05/2016 🔍
09/22/2022 🔍
Sources
Vendor: google.comAdvisory: Android Security Bulletin - October 2016
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2016-5696 (🔍)
GCVE (CVE): GCVE-0-2016-5696
GCVE (VulDB): GCVE-100-92401
OVAL: 🔍
SecurityFocus: 91704 - Linux Kernel 'Ack Challenge' Information Disclosure Vulnerability
SecurityTracker: 1036625
scip Labs: https://www.scip.ch/en/?labs.20150917
See also: 🔍
Entry
Created: 10/05/2016 10:44Updated: 09/22/2022 10:26
Changes: 10/05/2016 10:44 (81), 07/17/2019 20:45 (10), 09/22/2022 10:26 (5)
Complete: 🔍
Cache ID: 216:08B:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.