CVE-2017-9214 Red Hat Update for openvswitch (RHSA-2017:2698)

漏洞类别:RedHat

漏洞等级:

漏洞信息

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this issue to cause a remote denial of service attack. (CVE-2017-9214)
While parsing an OpenFlow role status message Open vSwitch (OvS), a call to the abort() function for undefined role status reasons in the function ‘ofp_print_role_status_message’ in ‘lib/ofp-print.c’ could be misused for a remote denial of service attack by a malicious switch. (CVE-2017-9263)
A buffer over-read issue was found in Open vSwitch (OvS) which emerged while parsing the GroupMod OpenFlow messages sent from the controller. The issue could enable an attacker to cause a denial of service type of attack. (CVE-2017-9265)

Affected Product:
Red Hat OpenStack 7 x86_64

漏洞危害

An attacker could use this issue to cause a remote denial of service attack. (CVE-2017-9214)
On successful exploitation an attacker to cause a denial of service type of attack. (CVE-2017-9265) and ‘ofp_print_role_status_message’ in ‘lib/ofp-print.c’ could be misused for a remote denial of service attack by a malicious switch. (CVE-2017-9263)

解决方案

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2698 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2698: Red Hat Enterprise Linux

Leave a Reply