PT-2016-5001 · Open Vswitch+1 · Openvswitch+1

Andrej Nemec

·

Publicado

2016-03-28

·

Atualizado

2018-03-23

·

CVE-2016-2074

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Open vSwitch versions 2.2.x through 2.3.x before 2.3.3 Open vSwitch versions 2.4.x before 2.4.1
Description The issue allows remote attackers to execute arbitrary code via crafted MPLS packets. This can be demonstrated by a long string in an ovs-appctl command.
Recommendations For Open vSwitch versions 2.2.x through 2.3.x before 2.3.3, update to version 2.3.3 or later. For Open vSwitch versions 2.4.x before 2.4.1, update to version 2.4.1 or later.

Correção

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2016-2105
CVE-2016-2074
DSA-3533-1
RHSA-2016:0523
RHSA-2016:0524
RHSA-2016:0537
RHSA-2016:0615

Produtos afetados

Alt Linux
Openvswitch