Red Hat update for openvswitch



Published: 2018-11-05
Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2018-17204, CVE-2018-17205, CVE-2018-17206
CWE-ID: CWE-617, CWE-126
Exploitation vector: Network
Public exploit:
Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Red Hat Enterprise Linux Fast Datapath
Client/Desktop applications / File managers, FTP clients

Red Hat Virtualization Manager
Client/Desktop applications / Virtualization software

Red Hat Virtualization for IBM Power LE
Server applications / Virtualization software

Red Hat Virtualization
Server applications / Virtualization software

Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Assertion failure

EUVDB-ID: #VU16578

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-17204

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists in parse_group_prop_ntr_selection_method in lib/ofp-util.c because the group type and command are validated only after the whole group mod has been decoded. A remote attacker can trigger an assertion failure via OVS_NOT_REACHED, because the OF1.5 decoder tries to use the type and command earlier, when they might still be invalid.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Fast Datapath: 7

Red Hat Virtualization Manager: 4.2

Red Hat Virtualization for IBM Power LE: 4

Red Hat Virtualization: 4

External links

http://access.redhat.com/errata/RHSA-2018:3500


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Assertion failure

EUVDB-ID: #VU16579

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-17205

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists in ofproto_rule_insert__ in ofproto/ofproto.c because flows that are added in a bundle are applied to ofproto in order during bundle commit. A remote attacker can trigger an assertion failure, caused by a check on rule state != RULE_INITIALIZED while old flows are being reinserted, and cause the service to crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Fast Datapath: 7

Red Hat Virtualization Manager: 4.2

Red Hat Virtualization for IBM Power LE: 4

Red Hat Virtualization: 4

External links

http://access.redhat.com/errata/RHSA-2018:3500


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

3) Buffer over-read

EUVDB-ID: #VU16580

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-17206

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The vulnerability exists due to a buffer over-read during BUNDLE action decoding in the decode_bundle function in lib/ofp-actions.c. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Fast Datapath: 7

Red Hat Virtualization Manager: 4.2

Red Hat Virtualization for IBM Power LE: 4

Red Hat Virtualization: 4

External links

http://access.redhat.com/errata/RHSA-2018:3500


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


