ID

VAR-201705-3788


CVE

CVE-2017-9263


TITLE

Open vSwitch Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004541

DESCRIPTION

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

Open vSwitch (OvS) contains an input validation vulnerability. A denial-of-service (DoS) condition may result.

Open vSwitch (OvS) is a multi-layer virtual switch product based on open source technology (under the Apache 2.0 license). It supports large-scale network automation through programming extensions, as well as standard management interfaces and protocols. There is a security vulnerability in the 'ofp_print_role_status_message' function of the lib/ofp-print.c file in OvS version 2.7.0.

==========================================================================
Ubuntu Security Notice USN-3450-1
October 11, 2017

openvswitch vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Open vSwitch.

Software Description:
- openvswitch: Ethernet virtual switch

Details:

Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. (CVE-2017-9214)

It was discovered that Open vSwitch incorrectly handled certain OpenFlow role messages. (CVE-2017-9263)

It was discovered that Open vSwitch incorrectly handled certain malformed packets. This issue only affected Ubuntu 17.04. (CVE-2017-9265)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.04:
openvswitch-common 2.6.1-0ubuntu5.1

Ubuntu 16.04 LTS:
openvswitch-common 2.5.2-0ubuntu0.16.04.2

In general, a standard system update will make all the necessary changes.

1473735 - ovs-vswitchd crashes with SIGSEGV randomly when adding/removing interfaces 6.

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openvswitch security, bug fix, and enhancement update
Advisory ID: RHSA-2017:2418-01
Product: Fast Datapath
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2418
Issue date: 2017-08-03
CVE Names: CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265
=====================================================================

1. Summary:

An update for openvswitch is now available for Fast Datapath for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Channel to provide early releases to layered products - noarch, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

The following packages have been upgraded to a later upstream version: openvswitch (2.7.2). (BZ#1472854)

Security Fix(es):

* An unsigned int wrap around leading to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this flaw to cause a remote DoS. (CVE-2017-9263)

* A buffer over-read was found in the Open vSwitch (OvS) firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attacker could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9264)

* A buffer over-read flaw was found in Open vSwitch (OvS) while parsing the group mod OpenFlow messages sent from the controller. An attacker could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9265)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1456795 - CVE-2017-9214 openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
1457327 - CVE-2017-9263 openvswitch: Invalid processing of a malicious OpenFlow role status message
1457329 - CVE-2017-9264 openvswitch: Buffer over-read while parsing malformed TCP, UDP and IPv6 packets
1457335 - CVE-2017-9265 openvswitch: Buffer over-read while parsing the group mod OpenFlow message
1472729 - /usr/lib/ocf/resource.d/ovn/ovndb-servers is missing in the openvswitch.spec file
1472854 - [fdProd] Update OVS to 2.7.2

6. Package List:

Channel to provide early releases to layered products:

Source:
openvswitch-2.7.2-1.git20170719.el7fdp.src.rpm

noarch:
openvswitch-test-2.7.2-1.git20170719.el7fdp.noarch.rpm
python-openvswitch-2.7.2-1.git20170719.el7fdp.noarch.rpm

x86_64:
openvswitch-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-debuginfo-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-devel-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-central-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-common-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-docker-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-host-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-vtep-2.7.2-1.git20170719.el7fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-9214
https://access.redhat.com/security/cve/CVE-2017-9263
https://access.redhat.com/security/cve/CVE-2017-9264
https://access.redhat.com/security/cve/CVE-2017-9265
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

Trust: 2.34

sources: NVD: CVE-2017-9263 // JVNDB: JVNDB-2017-004541 // VULHUB: VHN-117466 // PACKETSTORM: 143959 // PACKETSTORM: 144028 // PACKETSTORM: 144576 // PACKETSTORM: 144026 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115

AFFECTED PRODUCTS

vendor: openvswitch, model: openvswitch, scope: eq, version: 2.7.0

Trust: 1.6

vendor: open vswitch, model: open vswitch, scope: eq, version: 2.7.0

Trust: 0.8

sources: JVNDB: JVNDB-2017-004541 // CNNVD: CNNVD-201705-1373 // NVD: CVE-2017-9263

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-9263
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-9263
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-1373
value: LOW

Trust: 0.6

VULHUB: VHN-117466
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-9263
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-117466
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-9263
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-117466 // JVNDB: JVNDB-2017-004541 // CNNVD: CNNVD-201705-1373 // NVD: CVE-2017-9263

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-117466 // JVNDB: JVNDB-2017-004541 // NVD: CVE-2017-9263

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 143959 // PACKETSTORM: 144028 // PACKETSTORM: 144576 // PACKETSTORM: 144026 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201705-1373

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004541

PATCH

title: [ovs-dev] [PATCH] ofp-print: Don't abort on unknown reason in role status message.
url: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html

Trust: 0.8

title: Open vSwitch Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70639

Trust: 0.6

sources: JVNDB: JVNDB-2017-004541 // CNNVD: CNNVD-201705-1373

EXTERNAL IDS

db: NVD, id: CVE-2017-9263

Trust: 3.2

db: JVNDB, id: JVNDB-2017-004541

Trust: 0.8

db: CNNVD, id: CNNVD-201705-1373

Trust: 0.7

db: VULHUB, id: VHN-117466

Trust: 0.1

db: PACKETSTORM, id: 143959

Trust: 0.1

db: PACKETSTORM, id: 144028

Trust: 0.1

db: PACKETSTORM, id: 144576

Trust: 0.1

db: PACKETSTORM, id: 144026

Trust: 0.1

db: PACKETSTORM, id: 144124

Trust: 0.1

db: PACKETSTORM, id: 143646

Trust: 0.1

db: PACKETSTORM, id: 144115

Trust: 0.1

sources: VULHUB: VHN-117466 // JVNDB: JVNDB-2017-004541 // PACKETSTORM: 143959 // PACKETSTORM: 144028 // PACKETSTORM: 144576 // PACKETSTORM: 144026 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115 // CNNVD: CNNVD-201705-1373 // NVD: CVE-2017-9263

REFERENCES

url:https://mail.openvswitch.org/pipermail/ovs-dev/2017-may/332966.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-9263

Trust: 1.5

url:https://access.redhat.com/errata/rhsa-2017:2418

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2553

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2648

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2665

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2692

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2698

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2727

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9263

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-9265

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-9214

Trust: 0.7

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2017-9265

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2017-9263

Trust: 0.6

url:https://bugzilla.redhat.com/

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2017-9214

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2017-9264

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-9264

Trust: 0.2

url:https://www.ubuntu.com/usn/usn-3450-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openvswitch/2.6.1-0ubuntu5.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openvswitch/2.5.2-0ubuntu0.16.04.2

Trust: 0.1

sources: VULHUB: VHN-117466 // JVNDB: JVNDB-2017-004541 // PACKETSTORM: 143959 // PACKETSTORM: 144028 // PACKETSTORM: 144576 // PACKETSTORM: 144026 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115 // CNNVD: CNNVD-201705-1373 // NVD: CVE-2017-9263

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 143959 // PACKETSTORM: 144028 // PACKETSTORM: 144026 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115

SOURCES

db: VULHUB, id: VHN-117466
db: JVNDB, id: JVNDB-2017-004541
db: PACKETSTORM, id: 143959
db: PACKETSTORM, id: 144028
db: PACKETSTORM, id: 144576
db: PACKETSTORM, id: 144026
db: PACKETSTORM, id: 144124
db: PACKETSTORM, id: 143646
db: PACKETSTORM, id: 144115
db: CNNVD, id: CNNVD-201705-1373
db: NVD, id: CVE-2017-9263

LAST UPDATE DATE

2024-11-23T19:29:12.885000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-117466, date: 2018-01-05T00:00:00
db: JVNDB, id: JVNDB-2017-004541, date: 2017-06-28T00:00:00
db: CNNVD, id: CNNVD-201705-1373, date: 2017-05-31T00:00:00
db: NVD, id: CVE-2017-9263, date: 2024-11-21T03:35:42.780

SOURCES RELEASE DATE

db: VULHUB, id: VHN-117466, date: 2017-05-29T00:00:00
db: JVNDB, id: JVNDB-2017-004541, date: 2017-06-28T00:00:00
db: PACKETSTORM, id: 143959, date: 2017-08-30T10:11:00
db: PACKETSTORM, id: 144028, date: 2017-09-06T17:22:00
db: PACKETSTORM, id: 144576, date: 2017-10-12T13:40:31
db: PACKETSTORM, id: 144026, date: 2017-09-06T17:18:00
db: PACKETSTORM, id: 144124, date: 2017-09-13T05:13:56
db: PACKETSTORM, id: 143646, date: 2017-08-04T05:19:21
db: PACKETSTORM, id: 144115, date: 2017-09-13T05:11:26
db: CNNVD, id: CNNVD-201705-1373, date: 2017-05-31T00:00:00
db: NVD, id: CVE-2017-9263, date: 2017-05-29T04:29:00.353