SB2017091404 - Multiple vulnerabilities in Red Hat OpenStack

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Buffer over-read (CVE-ID: CVE-2017-9265)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Open vSwitch (OvS) component due to improper parsing of GroupMod OpenFlow messages. A remote attacker can send a specially crafted GroupMod OpenFlow message from the controller in lib/ofp-util.c in the ofputil_pull_ofp15_group_mod function, trigger buffer over-read and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Improper input validation (CVE-ID: CVE-2017-9263)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Open vSwitch (OvS) component due to improper parsing of an OpenFlow role status message. A remote attacker with access to a malicious switch can send a specially crafted OpenFlow role status message, trigger a call to the abort() function for undefined role status reasons in the ofp_print_role_status_message function in lib/ofp-print.c and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Integer underflow (CVE-ID: CVE-2017-9214)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Open vSwitch (OvS) component due to unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c. when parsing of OFPT_QUEUE_GET_CONFIG_REPLY messages. A remote attacker can send a specially crafted OFPT_QUEUE_GET_CONFIG_REPLY message, trigger buffer over-read and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2017:2698