ID

VAR-201607-0547


CVE

CVE-2016-2074


TITLE

Buffer overflow vulnerability in lib/flow.c in ovs-vswitchd in Open vSwitch

Trust: 0.8

sources: JVNDB: JVNDB-2016-003485

DESCRIPTION

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.

Open vSwitch is prone to multiple remote buffer-overflow vulnerabilities because it fails to adequately bounds check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow attackers to execute arbitrary code or cause denial-of-service conditions.

Open vSwitch supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. The following versions are affected: OVS Version 2.2.x, Version 2.3.x, Version 2.4.x.

Background
==========

Open vSwitch is a production quality multilayer virtual switch.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Open vSwitch users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.5.0"

References
==========

[ 1 ] CVE-2016-2074
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2074

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/201701-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openvswitch security update
Advisory ID:       RHSA-2016:0615-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:0615
Issue date:        2016-04-11
CVE Names:         CVE-2016-2074
=====================================================================

1. Summary:

Updated openvswitch packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.1.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.1 - noarch, x86_64

3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service (DoS) or, possibly, execute arbitrary code. (CVE-2016-2074)

Red Hat would like to thank the Open vSwitch Project for reporting these issues. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as the original reporters of CVE-2016-2074.

This update includes the following images:

  openshift3/openvswitch:v3.1.1.6-9
  aep3_beta/openvswitch:v3.1.1.6-9
  openshift3/node:v3.1.1.6-16
  aep3_beta/node:v3.1.1.6-16

All openvswitch users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability

6. Package List:

Red Hat OpenShift Enterprise 3.1:

Source:
openvswitch-2.4.0-2.el7_2.src.rpm

noarch:
openvswitch-test-2.4.0-2.el7_2.noarch.rpm
python-openvswitch-2.4.0-2.el7_2.noarch.rpm

x86_64:
openvswitch-2.4.0-2.el7_2.x86_64.rpm
openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm
openvswitch-devel-2.4.0-2.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-2074
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

For the stable distribution (jessie), this problem has been fixed in version 2.3.0+git20140819-3+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2.3.0+git20140819-4.

We recommend that you upgrade your openvswitch packages.

Description: Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic

Trust: 2.61

sources: NVD: CVE-2016-2074 // JVNDB: JVNDB-2016-003485 // BID: 85700 // VULHUB: VHN-90893 // VULMON: CVE-2016-2074 // PACKETSTORM: 140320 // PACKETSTORM: 136659 // PACKETSTORM: 136470 // PACKETSTORM: 136464 // PACKETSTORM: 136469 // PACKETSTORM: 136483

AFFECTED PRODUCTS

vendor: redhat, model: openshift, scope: eq, version: 3.1

Trust: 1.6

vendor: openvswitch, model: openvswitch, scope: eq, version: 2.4.0

Trust: 1.0

vendor: openvswitch, model: openvswitch, scope: eq, version: 2.3.2

Trust: 1.0

vendor: openvswitch, model: openvswitch, scope: eq, version: 2.3.0

Trust: 1.0

vendor: openvswitch, model: openvswitch, scope: eq, version: 2.3.1

Trust: 1.0

vendor: openvswitch, model: openvswitch, scope: eq, version: 2.2.0

Trust: 1.0

vendor: open vswitch, model: open vswitch, scope: lt, version: 2.4.x

Trust: 0.8

vendor: open vswitch, model: open vswitch, scope: lt, version: 2.3.x

Trust: 0.8

vendor: red hat, model: openshift, scope: eq, version: enterprise

Trust: 0.8

vendor: open vswitch, model: open vswitch, scope: eq, version: 2.3.3

Trust: 0.8

vendor: open vswitch, model: open vswitch, scope: eq, version: 2.2.x

Trust: 0.8

vendor: open vswitch, model: open vswitch, scope: eq, version: 2.4.1

Trust: 0.8

vendor: redhat, model: openstack, scope: eq, version: 7.0

Trust: 0.3

vendor: redhat, model: enterprise linux openstack platform for rhel, scope: eq, version: 75.0

Trust: 0.3

vendor: open, model: vswitch open vswitch, scope: eq, version: 2.4

Trust: 0.3

vendor: open, model: vswitch open vswitch, scope: eq, version: 2.3

Trust: 0.3

vendor: open, model: vswitch open vswitch, scope: eq, version: 2.2

Trust: 0.3

vendor: gentoo, model: linux, scope: -, version: -

Trust: 0.3

vendor: debian, model: linux sparc, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux s/390, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux powerpc, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux mips, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux ia-64, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux ia-32, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux arm, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux amd64, scope: eq, version: 6.0

Trust: 0.3

vendor: citrix, model: xenserver cu1, scope: eq, version: 7.1

Trust: 0.3

vendor: citrix, model: xenserver, scope: eq, version: 7.0

Trust: 0.3

vendor: open, model: vswitch open vswitch, scope: ne, version: 2.5

Trust: 0.3

sources: BID: 85700 // JVNDB: JVNDB-2016-003485 // CNNVD: CNNVD-201603-406 // NVD: CVE-2016-2074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2074
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-2074
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201603-406
value: HIGH

Trust: 0.6

VULHUB: VHN-90893
value: HIGH

Trust: 0.1

VULMON: CVE-2016-2074
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-2074
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90893
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2074
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90893 // VULMON: CVE-2016-2074 // JVNDB: JVNDB-2016-003485 // CNNVD: CNNVD-201603-406 // NVD: CVE-2016-2074

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-90893 // JVNDB: JVNDB-2016-003485 // NVD: CVE-2016-2074

THREAT TYPE

remote

Trust: 1.2

sources: PACKETSTORM: 140320 // PACKETSTORM: 136659 // PACKETSTORM: 136470 // PACKETSTORM: 136464 // PACKETSTORM: 136469 // PACKETSTORM: 136483 // CNNVD: CNNVD-201603-406

TYPE

overflow, arbitrary

Trust: 0.6

sources: PACKETSTORM: 140320 // PACKETSTORM: 136659 // PACKETSTORM: 136470 // PACKETSTORM: 136464 // PACKETSTORM: 136469 // PACKETSTORM: 136483

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003485

PATCH

title: [ovs-announce] Open vSwitch 2.4.1 and 2.3.3 Available
url: http://openvswitch.org/pipermail/announce/2016-March/000083.html

Trust: 0.8

title: Top Page
url: http://openvswitch.org/

Trust: 0.8

title: [ovs-announce] CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch
url: http://openvswitch.org/pipermail/announce/2016-March/000082.html

Trust: 0.8

title: Bug 1318553
url: https://bugzilla.redhat.com/show_bug.cgi?id=1318553

Trust: 0.8

title: RHSA-2016:0615
url: https://access.redhat.com/errata/RHSA-2016:0615

Trust: 0.8

title: CVE-2016-2074
url: https://security-tracker.debian.org/tracker/CVE-2016-2074

Trust: 0.8

title: Debian Security Advisories: DSA-3533-1 openvswitch -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=315e4d420e18888a1f323d0bb1f6011f

Trust: 0.1

title: Red Hat: CVE-2016-2074
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-2074

Trust: 0.1

title: Citrix Security Bulletins: Citrix XenServer Multiple Security Updates
url: https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=181b7d97210e9284f8fa51fda2290181

Trust: 0.1

title: secure-vhost
url: https://github.com/ictyangye/secure-vhost

Trust: 0.1

sources: VULMON: CVE-2016-2074 // JVNDB: JVNDB-2016-003485

EXTERNAL IDS

db: NVD, id: CVE-2016-2074

Trust: 3.5

db: BID, id: 85700

Trust: 1.5

db: JVNDB, id: JVNDB-2016-003485

Trust: 0.8

db: OPENWALL, id: OSS-SECURITY/2016/03/29/1

Trust: 0.6

db: CNNVD, id: CNNVD-201603-406

Trust: 0.6

db: PACKETSTORM, id: 136483

Trust: 0.2

db: PACKETSTORM, id: 136470

Trust: 0.2

db: PACKETSTORM, id: 136659

Trust: 0.2

db: PACKETSTORM, id: 136469

Trust: 0.2

db: PACKETSTORM, id: 136464

Trust: 0.2

db: VULHUB, id: VHN-90893

Trust: 0.1

db: VULMON, id: CVE-2016-2074

Trust: 0.1

db: PACKETSTORM, id: 140320

Trust: 0.1

sources: VULHUB: VHN-90893 // VULMON: CVE-2016-2074 // BID: 85700 // JVNDB: JVNDB-2016-003485 // PACKETSTORM: 140320 // PACKETSTORM: 136659 // PACKETSTORM: 136470 // PACKETSTORM: 136464 // PACKETSTORM: 136469 // PACKETSTORM: 136483 // CNNVD: CNNVD-201603-406 // NVD: CVE-2016-2074

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1318553

Trust: 1.8

url:https://security-tracker.debian.org/tracker/cve-2016-2074

Trust: 1.8

url:http://openvswitch.org/pipermail/announce/2016-march/000082.html

Trust: 1.8

url:http://openvswitch.org/pipermail/announce/2016-march/000083.html

Trust: 1.8

url:https://support.citrix.com/article/ctx232655

Trust: 1.5

url:http://www.securityfocus.com/bid/85700

Trust: 1.3

url:https://security.gentoo.org/glsa/201701-07

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2016-0523.html

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2016-0524.html

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2016-0537.html

Trust: 1.3

url:https://access.redhat.com/errata/rhsa-2016:0615

Trust: 1.3

url:http://www.debian.org/security/2016/dsa-3533

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2074

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2074

Trust: 0.8

url:http://www.openwall.com/lists/oss-security/2016/03/29/1

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-2074

Trust: 0.5

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-2074

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:http://openvswitch.org/

Trust: 0.3

url:http://seclists.org/oss-sec/2016/q1/706

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2016:0537

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://github.com/ictyangye/secure-vhost

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.debian.org/security/./dsa-3533

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

sources: VULHUB: VHN-90893 // VULMON: CVE-2016-2074 // BID: 85700 // JVNDB: JVNDB-2016-003485 // PACKETSTORM: 140320 // PACKETSTORM: 136659 // PACKETSTORM: 136470 // PACKETSTORM: 136464 // PACKETSTORM: 136469 // PACKETSTORM: 136483 // CNNVD: CNNVD-201603-406 // NVD: CVE-2016-2074

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 136659 // PACKETSTORM: 136470 // PACKETSTORM: 136469 // PACKETSTORM: 136483

SOURCES

db: VULHUB, id: VHN-90893
db: VULMON, id: CVE-2016-2074
db: BID, id: 85700
db: JVNDB, id: JVNDB-2016-003485
db: PACKETSTORM, id: 140320
db: PACKETSTORM, id: 136659
db: PACKETSTORM, id: 136470
db: PACKETSTORM, id: 136464
db: PACKETSTORM, id: 136469
db: PACKETSTORM, id: 136483
db: CNNVD, id: CNNVD-201603-406
db: NVD, id: CVE-2016-2074

LAST UPDATE DATE

2024-08-14T14:39:58.087000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90893, date: 2018-03-23T00:00:00
db: VULMON, id: CVE-2016-2074, date: 2018-03-23T00:00:00
db: BID, id: 85700, date: 2018-03-23T08:00:00
db: JVNDB, id: JVNDB-2016-003485, date: 2016-09-05T00:00:00
db: CNNVD, id: CNNVD-201603-406, date: 2016-07-04T00:00:00
db: NVD, id: CVE-2016-2074, date: 2018-03-23T01:29:00.523

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90893, date: 2016-07-03T00:00:00
db: VULMON, id: CVE-2016-2074, date: 2016-07-03T00:00:00
db: BID, id: 85700, date: 2016-03-28T00:00:00
db: JVNDB, id: JVNDB-2016-003485, date: 2016-07-11T00:00:00
db: PACKETSTORM, id: 140320, date: 2017-01-02T16:48:46
db: PACKETSTORM, id: 136659, date: 2016-04-12T15:13:15
db: PACKETSTORM, id: 136470, date: 2016-03-30T15:10:59
db: PACKETSTORM, id: 136464, date: 2016-03-29T15:15:27
db: PACKETSTORM, id: 136469, date: 2016-03-30T15:10:48
db: PACKETSTORM, id: 136483, date: 2016-03-30T23:29:15
db: CNNVD, id: CNNVD-201603-406, date: 2016-03-29T00:00:00
db: NVD, id: CVE-2016-2074, date: 2016-07-03T21:59:10.837