[3.3] openvswitch: MPLS buffer overflow vulnerabilities (CVE-2016-2074)
Multiple versions of Open vSwitch are vulnerable to remote buffer
overflow attacks, in which crafted MPLS
packets could overflow the buffer reserved for MPLS labels in an OVS
internal data structure.
Open vSwitch 2.1.x and earlier are not vulnerable.
In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be exploited for arbitrary remote code execution.
In Open vSwitch 2.4.x, the MPLS buffer overflow does not obviously
lead to a remote code execution exploit,
but testing shows that it can allow a remote denial of service.
Open vSwitch 2.5.x is not vulnerable.
References and patch:
http://openvswitch.org/pipermail/announce/2016-March/000082.html
(from redmine: issue id 5337, created on 2016-03-29, closed on 2016-04-12)
- Relations:
- parent #5336 (closed)
- Changesets:
- Revision 7bb4959e on 2016-04-06T14:08:09Z:
main/openvswitch: security fix (CVE-2016-2074). Fixes #5337