2016-03-30 09:22:08 |
Dmitry Teselkin |
bug |
|
|
added bug |
2016-03-30 09:22:31 |
Dmitry Teselkin |
cve linked |
|
2016-2074 |
|
2016-03-30 09:22:57 |
Dmitry Teselkin |
description |
Multiple versions of Open vSwitch are vulnerable to remote buffer
overflow attacks, in which crafted MPLS packets could overflow the
buffer reserved for MPLS labels in an OVS internal data structure.
The MPLS packets that trigger the vulnerability and the potential for
exploitation vary depending on version:
- Open vSwitch 2.1.x and earlier are not vulnerable.
- In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be
exploited for arbitrary remote code execution.
- In Open vSwitch 2.4.x, the MPLS buffer overflow does not
obviously lead to a remote code execution exploit, but testing
shows that it can allow a remote denial of service. See the
mitigation section for details.
- Open vSwitch 2.5.x is not vulnerable.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-2074 to this issue. |
Multiple versions of Open vSwitch are vulnerable to remote buffer
overflow attacks, in which crafted MPLS packets could overflow the
buffer reserved for MPLS labels in an OVS internal data structure.
The MPLS packets that trigger the vulnerability and the potential for
exploitation vary depending on version:
- Open vSwitch 2.1.x and earlier are not vulnerable.
- In Open vSwitch 2.2.x and 2.3.x, the MPLS buffer overflow can be
exploited for arbitrary remote code execution.
- In Open vSwitch 2.4.x, the MPLS buffer overflow does not
obviously lead to a remote code execution exploit, but testing
shows that it can allow a remote denial of service. See the
mitigation section for details.
- Open vSwitch 2.5.x is not vulnerable.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-2074 to this issue.
http://seclists.org/oss-sec/2016/q1/706 |
|
2016-03-30 09:24:25 |
Dmitry Teselkin |
mos: assignee |
|
MOS Linux (mos-linux) |
|
2016-03-30 09:49:04 |
Dmitry Teselkin |
bug |
|
|
added subscriber MOS Linux |
2016-03-30 09:49:14 |
Dmitry Teselkin |
bug |
|
|
added subscriber MOS Security |
2016-03-30 10:19:53 |
Dmitry Teselkin |
information type |
Private Security |
Public Security |
|
2016-03-30 10:20:02 |
Dmitry Teselkin |
removed subscriber MOS Linux |
|
|
|
2016-03-30 10:20:05 |
Dmitry Teselkin |
removed subscriber MOS Security |
|
|
|
2016-03-30 13:05:34 |
Dina Belova |
tags |
|
area-linux |
|
2016-03-30 13:05:38 |
Dina Belova |
mos: status |
New |
Confirmed |
|
2016-03-30 13:05:55 |
Dina Belova |
mos: importance |
Undecided |
High |
|
2016-03-30 13:05:58 |
Dina Belova |
mos: milestone |
|
9.0 |
|
2016-03-30 13:07:07 |
Bug Checker Bot |
tags |
area-linux |
area-linux need-info |
|
2016-03-30 15:36:22 |
Dmitry Teselkin |
nominated for series |
|
mos/7.0.x |
|
2016-03-30 15:36:22 |
Dmitry Teselkin |
bug task added |
|
mos/7.0.x |
|
2016-03-30 15:36:22 |
Dmitry Teselkin |
nominated for series |
|
mos/8.0.x |
|
2016-03-30 15:36:22 |
Dmitry Teselkin |
bug task added |
|
mos/8.0.x |
|
2016-03-30 15:36:22 |
Dmitry Teselkin |
nominated for series |
|
mos/9.0.x |
|
2016-03-30 15:36:22 |
Dmitry Teselkin |
bug task added |
|
mos/9.0.x |
|
2016-03-30 15:36:50 |
Dmitry Teselkin |
mos/7.0.x: importance |
Undecided |
High |
|
2016-03-30 15:36:52 |
Dmitry Teselkin |
mos/9.0.x: importance |
Undecided |
High |
|
2016-03-30 15:37:19 |
Dmitry Teselkin |
mos/9.0.x: assignee |
|
MOS Linux (mos-linux) |
|
2016-03-30 15:37:24 |
Dmitry Teselkin |
mos/9.0.x: status |
New |
Confirmed |
|
2016-03-30 15:37:34 |
Dmitry Teselkin |
mos/8.0.x: assignee |
MOS Linux (mos-linux) |
MOS Maintenance (mos-maintenance) |
|
2016-03-30 15:37:49 |
Dmitry Teselkin |
mos/7.0.x: assignee |
|
MOS Maintenance (mos-maintenance) |
|
2016-03-30 15:37:53 |
Dmitry Teselkin |
mos/7.0.x: status |
New |
Confirmed |
|
2016-03-30 15:38:32 |
Dmitry Teselkin |
mos/8.0.x: milestone |
9.0 |
8.0-updates |
|
2016-03-30 15:38:37 |
Dmitry Teselkin |
mos/7.0.x: milestone |
|
7.0-updates |
|
2016-03-30 15:38:40 |
Dmitry Teselkin |
mos/9.0.x: milestone |
|
9.0 |
|
2016-03-30 15:40:51 |
Dmitry Teselkin |
tags |
area-linux need-info |
area-linux |
|
2016-03-31 08:21:44 |
Vitaly Sedelnik |
mos/7.0.x: status |
Confirmed |
Incomplete |
|
2016-03-31 08:21:47 |
Vitaly Sedelnik |
mos/8.0.x: status |
Confirmed |
Incomplete |
|
2016-03-31 08:21:50 |
Vitaly Sedelnik |
mos/9.0.x: status |
Confirmed |
Incomplete |
|
2016-03-31 08:21:57 |
Vitaly Sedelnik |
mos/7.0.x: assignee |
MOS Maintenance (mos-maintenance) |
Dmitry Teselkin (teselkin-d) |
|
2016-03-31 08:22:03 |
Vitaly Sedelnik |
mos/8.0.x: assignee |
MOS Maintenance (mos-maintenance) |
Dmitry Teselkin (teselkin-d) |
|
2016-03-31 08:22:10 |
Vitaly Sedelnik |
mos/9.0.x: assignee |
MOS Linux (mos-linux) |
Dmitry Teselkin (teselkin-d) |
|
2016-04-01 08:42:53 |
Adam Heczko |
mos/7.0.x: status |
Incomplete |
Confirmed |
|
2016-04-01 08:43:01 |
Adam Heczko |
mos/7.0.x: importance |
High |
Medium |
|
2016-04-01 08:43:06 |
Adam Heczko |
mos/8.0.x: status |
Incomplete |
Confirmed |
|
2016-04-01 08:43:10 |
Adam Heczko |
mos/8.0.x: importance |
High |
Medium |
|
2016-04-01 08:43:14 |
Adam Heczko |
mos/9.0.x: status |
Incomplete |
Confirmed |
|
2016-04-01 08:43:20 |
Adam Heczko |
mos/9.0.x: importance |
High |
Medium |
|
2016-04-06 13:41:20 |
Dmitry Teselkin |
mos/9.0.x: importance |
Medium |
High |
|
2016-04-06 13:41:24 |
Dmitry Teselkin |
mos/9.0.x: status |
Confirmed |
In Progress |
|
2016-04-06 13:41:38 |
Dmitry Teselkin |
mos/9.0.x: assignee |
Dmitry Teselkin (teselkin-d) |
Albert Syriy (asyriy) |
|
2016-04-08 10:35:52 |
Albert Syriy |
mos/9.0.x: status |
In Progress |
Fix Committed |
|
2016-04-11 09:09:35 |
Dmitry Teselkin |
mos/8.0.x: assignee |
Dmitry Teselkin (teselkin-d) |
MOS Maintenance (mos-maintenance) |
|
2016-04-11 09:09:47 |
Dmitry Teselkin |
mos/7.0.x: assignee |
Dmitry Teselkin (teselkin-d) |
MOS Maintenance (mos-maintenance) |
|
2016-04-15 10:28:47 |
Alexander Gubanov |
mos/9.0.x: status |
Fix Committed |
Fix Released |
|
2016-09-02 13:49:56 |
Denis Meltsaykin |
mos/8.0.x: status |
Confirmed |
Won't Fix |
|
2016-09-02 13:50:10 |
Denis Meltsaykin |
mos/7.0.x: status |
Confirmed |
Won't Fix |
|