漏洞类别:RedHat
漏洞等级: 
漏洞信息
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this issue to cause a remote denial of service attack. (CVE-2017-9214)
While parsing an OpenFlow role status message Open vSwitch (OvS), a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch. (CVE-2017-9263)
A buffer over-read issue was found in Open vSwitch (OvS) which emerged while parsing the GroupMod OpenFlow messages sent from the controller. The issue could enable an attacker to cause a denial of service type of attack. (CVE-2017-9265)
Affected Product:
Red Hat OpenStack 7 x86_64
漏洞危害
An attacker could use this issue to cause a remote denial of service attack. (CVE-2017-9214)
On successful exploitation an attacker to cause a denial of service type of attack. (CVE-2017-9265) and 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch. (CVE-2017-9263)
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2017:2698 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论