ID

VAR-201705-3790


CVE

CVE-2017-9265


TITLE

Open vSwitch Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004543

DESCRIPTION

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

Open vSwitch (OvS) contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Open vSwitch is prone to the following multiple security vulnerabilities:
1. Multiple buffer-overflow vulnerabilities
2. A denial-of-service vulnerability
An attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

Open vSwitch (OvS) is a multi-layer virtual switch product based on open source technology (licensed under Apache 2.0). It supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. There is a security vulnerability in the 'ofputil_pull_ofp15_group_mod' function in the lib/ofp-util.c file in OvS version 2.7.0.

Ubuntu Security Notice USN-3450-1
October 11, 2017
openvswitch vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS

Summary: Several security issues were fixed in Open vSwitch.

Software Description:
- openvswitch: Ethernet virtual switch

Details: Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. (CVE-2017-9214) It was discovered that Open vSwitch incorrectly handled certain OpenFlow role messages. (CVE-2017-9263) It was discovered that Open vSwitch incorrectly handled certain malformed packets. This issue only affected Ubuntu 17.04. (CVE-2017-9265)

Update instructions: The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: openvswitch-common 2.6.1-0ubuntu5.1
Ubuntu 16.04 LTS: openvswitch-common 2.5.2-0ubuntu0.16.04.2
In general, a standard system update will make all the necessary changes.

Red Hat Security Advisory
Synopsis: Moderate: openvswitch security, bug fix, and enhancement update
Advisory ID: RHSA-2017:2418-01
Product: Fast Datapath
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2418
Issue date: 2017-08-03
CVE Names: CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265

1. Summary: An update for openvswitch is now available for Fast Datapath for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures: Channel to provide early releases to layered products - noarch, x86_64

3. Description: Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. The following packages have been upgraded to a later upstream version: openvswitch (2.7.2). An attacker could use this flaw to cause a remote DoS. (CVE-2017-9214)
* In Open vSwitch (OvS), while parsing an OpenFlow role status message there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. (CVE-2017-9263)
* A buffer over-read was found in the Open vSwitch (OvS) firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attacker could use this flaw to cause a Denial of Service (DoS). An attacker could use this flaw to cause a Denial of Service (DoS). (CVE-2017-9265)

4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Package List: Channel to provide early releases to layered products:
Source:
openvswitch-2.7.2-1.git20170719.el7fdp.src.rpm
noarch:
openvswitch-test-2.7.2-1.git20170719.el7fdp.noarch.rpm
python-openvswitch-2.7.2-1.git20170719.el7fdp.noarch.rpm
x86_64:
openvswitch-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-debuginfo-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-devel-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-central-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-common-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-docker-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-host-2.7.2-1.git20170719.el7fdp.x86_64.rpm
openvswitch-ovn-vtep-2.7.2-1.git20170719.el7fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:
https://access.redhat.com/security/cve/CVE-2017-9214
https://access.redhat.com/security/cve/CVE-2017-9263
https://access.redhat.com/security/cve/CVE-2017-9264
https://access.redhat.com/security/cve/CVE-2017-9265
https://access.redhat.com/security/updates/classification/#moderate

8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

Trust: 2.61

sources: NVD: CVE-2017-9265 // JVNDB: JVNDB-2017-004543 // BID: 102342 // VULHUB: VHN-117468 // VULMON: CVE-2017-9265 // PACKETSTORM: 144028 // PACKETSTORM: 144576 // PACKETSTORM: 144137 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115

AFFECTED PRODUCTS

vendor: openvswitch, model: openvswitch, scope: eq, version: 2.7.0

Trust: 1.6

vendor: open vswitch, model: open vswitch, scope: eq, version: 2.7.0

Trust: 0.8

vendor: redhat, model: rhev-m, scope: eq, version: 4.0

Trust: 0.3

vendor: redhat, model: openstack platform, scope: eq, version: 8.0

Trust: 0.3

vendor: redhat, model: openstack platform, scope: eq, version: 11

Trust: 0.3

vendor: redhat, model: openstack platform, scope: eq, version: 10

Trust: 0.3

vendor: redhat, model: enterprise linux openstack platform for rhel, scope: eq, version: 7.07

Trust: 0.3

vendor: redhat, model: enterprise linux openstack platform for rhel, scope: eq, version: 6.07

Trust: 0.3

vendor: redhat, model: enterprise linux openstack platform for rhel, scope: eq, version: 5.06

Trust: 0.3

vendor: open, model: vswitch open vswitch, scope: eq, version: 2.7

Trust: 0.3

vendor: ibm, model: powerkvm, scope: eq, version: 3.1

Trust: 0.3

sources: BID: 102342 // JVNDB: JVNDB-2017-004543 // CNNVD: CNNVD-201705-1371 // NVD: CVE-2017-9265

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-9265
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-9265
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201705-1371
value: CRITICAL

Trust: 0.6

VULHUB: VHN-117468
value: HIGH

Trust: 0.1

VULMON: CVE-2017-9265
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-9265
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-117468
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-9265
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-117468 // VULMON: CVE-2017-9265 // JVNDB: JVNDB-2017-004543 // CNNVD: CNNVD-201705-1371 // NVD: CVE-2017-9265

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-117468 // JVNDB: JVNDB-2017-004543 // NVD: CVE-2017-9265

THREAT TYPE

remote

Trust: 1.2

sources: PACKETSTORM: 144028 // PACKETSTORM: 144576 // PACKETSTORM: 144137 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115 // CNNVD: CNNVD-201705-1371

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201705-1371

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004543

PATCH

title: [ovs-dev] [PATCH] ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod().
url: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html

Trust: 0.8

title: Open vSwitch Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70637

Trust: 0.6

title: Red Hat: Moderate: openvswitch security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172727 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: openvswitch vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3450-1

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2017-14970
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2c7af95e04ec04bdfb8ed4f68530065f

Trust: 0.1

title: Debian CVElist Bug Report Logs: openvswitch: CVE-2017-9263
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f5b09675c6b0fd5f83cad8b7bd0ee924

Trust: 0.1

title: Debian CVElist Bug Report Logs: openvswtich: CVE-2017-9214
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=873840e912815b2d58f98c752db7e483

Trust: 0.1

title: Debian CVElist Bug Report Logs: openvswitch: CVE-2017-9264
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=bc95f9d24501fd1f767b4fd4508d214e

Trust: 0.1

sources: VULMON: CVE-2017-9265 // JVNDB: JVNDB-2017-004543 // CNNVD: CNNVD-201705-1371

EXTERNAL IDS

db: NVD, id: CVE-2017-9265

Trust: 3.5

db: JVNDB, id: JVNDB-2017-004543

Trust: 0.8

db: CNNVD, id: CNNVD-201705-1371

Trust: 0.7

db: BID, id: 102342

Trust: 0.4

db: VULHUB, id: VHN-117468

Trust: 0.1

db: VULMON, id: CVE-2017-9265

Trust: 0.1

db: PACKETSTORM, id: 144028

Trust: 0.1

db: PACKETSTORM, id: 144576

Trust: 0.1

db: PACKETSTORM, id: 144137

Trust: 0.1

db: PACKETSTORM, id: 144124

Trust: 0.1

db: PACKETSTORM, id: 143646

Trust: 0.1

db: PACKETSTORM, id: 144115

Trust: 0.1

sources: VULHUB: VHN-117468 // VULMON: CVE-2017-9265 // BID: 102342 // JVNDB: JVNDB-2017-004543 // PACKETSTORM: 144028 // PACKETSTORM: 144576 // PACKETSTORM: 144137 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115 // CNNVD: CNNVD-201705-1371 // NVD: CVE-2017-9265

REFERENCES

url:https://access.redhat.com/errata/rhsa-2017:2727

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2017:2418

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2017:2665

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2017:2692

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2017:2698

Trust: 1.9

url:https://mail.openvswitch.org/pipermail/ovs-dev/2017-may/332965.html

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:2553

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2017:2648

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-9265

Trust: 1.4

url:https://access.redhat.com/security/cve/cve-2017-9263

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2017-9265

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9265

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-9263

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2017-9214

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2017-9264

Trust: 0.5

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://bugzilla.redhat.com/

Trust: 0.5

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2017-9214

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://bugzilla.redhat.com/show_bug.cgi?id=1457327

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1457335

Trust: 0.3

url:http://www.ibm.com

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1457329

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1026032

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-9264

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/3450-1/

Trust: 0.1

url:https://www.securityfocus.com/bid/102342

Trust: 0.1

url:https://www.ubuntu.com/usn/usn-3450-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openvswitch/2.6.1-0ubuntu5.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openvswitch/2.5.2-0ubuntu0.16.04.2

Trust: 0.1

sources: VULHUB: VHN-117468 // VULMON: CVE-2017-9265 // BID: 102342 // JVNDB: JVNDB-2017-004543 // PACKETSTORM: 144028 // PACKETSTORM: 144576 // PACKETSTORM: 144137 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115 // CNNVD: CNNVD-201705-1371 // NVD: CVE-2017-9265

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 144028 // PACKETSTORM: 144137 // PACKETSTORM: 144124 // PACKETSTORM: 143646 // PACKETSTORM: 144115

SOURCES

db: VULHUB, id: VHN-117468
db: VULMON, id: CVE-2017-9265
db: BID, id: 102342
db: JVNDB, id: JVNDB-2017-004543
db: PACKETSTORM, id: 144028
db: PACKETSTORM, id: 144576
db: PACKETSTORM, id: 144137
db: PACKETSTORM, id: 144124
db: PACKETSTORM, id: 143646
db: PACKETSTORM, id: 144115
db: CNNVD, id: CNNVD-201705-1371
db: NVD, id: CVE-2017-9265

LAST UPDATE DATE

2024-11-22T19:31:54.923000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-117468, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2017-9265, date: 2019-10-03T00:00:00
db: BID, id: 102342, date: 2017-05-26T00:00:00
db: JVNDB, id: JVNDB-2017-004543, date: 2017-06-28T00:00:00
db: CNNVD, id: CNNVD-201705-1371, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-9265, date: 2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db: VULHUB, id: VHN-117468, date: 2017-05-29T00:00:00
db: VULMON, id: CVE-2017-9265, date: 2017-05-29T00:00:00
db: BID, id: 102342, date: 2017-05-26T00:00:00
db: JVNDB, id: JVNDB-2017-004543, date: 2017-06-28T00:00:00
db: PACKETSTORM, id: 144028, date: 2017-09-06T17:22:00
db: PACKETSTORM, id: 144576, date: 2017-10-12T13:40:31
db: PACKETSTORM, id: 144137, date: 2017-09-14T19:51:05
db: PACKETSTORM, id: 144124, date: 2017-09-13T05:13:56
db: PACKETSTORM, id: 143646, date: 2017-08-04T05:19:21
db: PACKETSTORM, id: 144115, date: 2017-09-13T05:11:26
db: CNNVD, id: CNNVD-201705-1371, date: 2017-05-31T00:00:00
db: NVD, id: CVE-2017-9265, date: 2017-05-29T04:29:00.430