FreeBSD : openvswitch -- MPLS buffer overflow (b53bbf58-257f-11e6-9f4d-20cf30e32f6d)

critical Nessus Plugin ID 91375

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Open vSwitch reports :

Multiple versions of Open vSwitch are vulnerable to remote buffer overflow attacks, in which crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. The MPLS packets that trigger the vulnerability and the potential for exploitation vary depending on version :

Open vSwitch 2.1.x and earlier are not vulnerable.

In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be exploited for arbitrary remote code execution.

In Open vSwitch 2.4.x, the MPLS buffer overflow does not obviously lead to a remote code execution exploit, but testing shows that it can allow a remote denial of service. See the mitigation section for details.

Open vSwitch 2.5.x is not vulnerable.

Solution

Update the affected packages.

See Also

http://www.openvswitch.org//pipermail/announce/2016-March/000082.html

http://www.openvswitch.org//pipermail/announce/2016-March/000083.html

http://www.nessus.org/u?18c4d5b3

Plugin Details

Severity: Critical

ID: 91375

File Name: freebsd_pkg_b53bbf58257f11e69f4d20cf30e32f6d.nasl

Version: 2.7

Type: local

Published: 5/31/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:openvswitch, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/29/2016

Vulnerability Publication Date: 3/28/2016

Reference Information

CVE: CVE-2016-2074