PT-2017-18814 · Open Vswitch+3 · Openvswitch+3

Bhargava Shastry · Published 2017-05-29 · Updated 2018-02-21 · CVE-2017-9263

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Open vSwitch (OvS) version 2.7.0

Description

The issue arises when parsing an OpenFlow role status message: the function ofp_print_role_status_message() in lib/ofp-print.c calls abort() for undefined role status reasons. A malicious switch could exploit this to launch a remote Denial of Service (DoS) attack.

Recommendations

For Open vSwitch (OvS) version 2.7.0, consider disabling the ofp_print_role_status_message() function as a temporary workaround until a patch is available to prevent potential exploitation.
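
A simplified model of the flaw class in the description, added here as an illustration and not Open vSwitch's own code: a printer for the role-status reason field that reports undefined values instead of calling abort(). The 16-byte body layout, the helper names and the output strings are assumptions, and the sample body is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reason codes defined by OpenFlow 1.4 (enum ofp_controller_role_reason). */
enum { OFPCRR_MASTER_REQUEST = 0, OFPCRR_CONFIG = 1, OFPCRR_EXPERIMENTER = 2 };

/* Assumed body layout after the 8-byte OpenFlow header:
 * role (4 bytes), reason (1), pad (3), generation_id (8). */
#define ROLE_STATUS_BODY_LEN 16
#define REASON_OFFSET 4

/* Hypothetical helper: NULL for any value the spec does not define.
 * The flawed pattern is a switch whose default branch calls abort(). */
static const char *reason_name(uint8_t reason)
{
    switch (reason) {
    case OFPCRR_MASTER_REQUEST: return "master_request";
    case OFPCRR_CONFIG:         return "configuration_changed";
    case OFPCRR_EXPERIMENTER:   return "experimenter_data_changed";
    default:                    return NULL;  /* peer-controlled: never abort */
    }
}

/* Formats the reason into out. Returns 0 on success, -1 if the body is
 * truncated or the buffer is too small. Unknown reasons are reported. */
int format_role_status_reason(const uint8_t *body, size_t len,
                              char *out, size_t outlen)
{
    if (body == NULL || out == NULL || len < ROLE_STATUS_BODY_LEN)
        return -1;
    uint8_t reason = body[REASON_OFFSET];
    const char *name = reason_name(reason);
    int n = name ? snprintf(out, outlen, "reason=%s", name)
                 : snprintf(out, outlen, "reason=(unknown %u)", (unsigned) reason);
    return (n < 0 || (size_t) n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample body: role=2, reason=0xff (undefined), gen id 0. */
    uint8_t body[ROLE_STATUS_BODY_LEN] = {0, 0, 0, 2, 0xff};
    char line[64];
    if (format_role_status_reason(body, sizeof body, line, sizeof line) == 0)
        puts(line);
    return 0;
}
```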

Fix

DoS

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2017-1874
CVE-2017-9263
RHSA-2017:2418
RHSA-2017:2553
RHSA-2017:2648
RHSA-2017:2665
RHSA-2017:2692
RHSA-2017:2698
RHSA-2017:2727
SUSE-SU-2017:2212-1
SUSE-SU-2017_2212-1
SUSE-SU-2018:0311-1
SUSE-SU-2018:0505-1
USN-3450-1

Affected products

Alt Linux
Openvswitch
Suse
Ubuntu