Red Hat update for openvswitch
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-17204 CVE-2018-17205 CVE-2018-17206 |
| CWE-ID | CWE-617 CWE-126 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
Red Hat OpenStack Server applications / Other server solutions |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Assertion failure
EUVDB-ID: #VU16578
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-17204
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in parse_group_prop_ntr_selection_method in lib/ofp-util.c due to validation of the group type and command after the whole group mod has been decoded. A remote attacker can trigger an an assertion failure via OVS_NOT_REACHED when the OF1.5 decoder tries to use the type and command earlier, when it might still be invalid.
MitigationInstall updates from vendor's website.
Red Hat OpenStack: 10.0
CPE2.3 External linkshttp://access.redhat.com/errata/RHSA-2019:0053
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Assertion failure
EUVDB-ID: #VU16579
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-17205
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in ofproto_rule_insert__ in ofproto/ofproto.c due to flows that are added in a bundle are applied to ofproto in order during bundle commit. A remote attacker can trigger an an assertion failure due to a check on rule state != RULE_INITIALIZED while reinserting old flows and cause the service to crash.
MitigationInstall updates from vendor's website.
Red Hat OpenStack: 10.0
CPE2.3 External linkshttp://access.redhat.com/errata/RHSA-2019:0053
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Buffer over-read
EUVDB-ID: #VU16580
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-17206
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to buffer over-read issue during BUNDLE action decoding in the decode_bundle function inside lib/ofp-actions.c. A remote attacker can trigger memory corruption and cause the service to crash.
MitigationInstall updates from vendor's website.
Red Hat OpenStack: 10.0
CPE2.3 External linkshttp://access.redhat.com/errata/RHSA-2019:0053
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
