SB2017080328 - Fast Datapath for Red Hat Enterprise Linux 7 update for openvswitch

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017080328

SB2017080328 - Fast Datapath for Red Hat Enterprise Linux 7 update for openvswitch

Published: August 3, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017080328
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Integer underflow (CVE-ID: CVE-2017-9214)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Open vSwitch (OvS) component due to unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c. when parsing of OFPT_QUEUE_GET_CONFIG_REPLY messages. A remote attacker can send a specially crafted OFPT_QUEUE_GET_CONFIG_REPLY message, trigger buffer over-read and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Improper input validation (CVE-ID: CVE-2017-9263)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Open vSwitch (OvS) component due to improper parsing of an OpenFlow role status message. A remote attacker with access to a malicious switch can send a specially crafted OpenFlow role status message, trigger a call to the abort() function for undefined role status reasons in the ofp_print_role_status_message function in lib/ofp-print.c and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Out-of-bounds read (CVE-ID: CVE-2017-9264)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. A remote attacker can perform a denial of service attack.


4) Buffer over-read (CVE-ID: CVE-2017-9265)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Open vSwitch (OvS) component due to improper parsing of GroupMod OpenFlow messages. A remote attacker can send a specially crafted GroupMod OpenFlow message from the controller in lib/ofp-util.c in the ofputil_pull_ofp15_group_mod function, trigger buffer over-read and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References