
This wiki documents the current development version of ONOS (master). Refer to the Wiki Archives for documentation for all previous versions of ONOS.

Security vulnerabilities fixed in ONOS

Description

It was found that the ONOS core did not properly protect itself from exceptions thrown in application packet processors. Exceptions thrown by applications were not caught or handled, so an exception raised in an I/O thread would cause the relevant switch to be disconnected. An application could exhibit behavior (whether intentional or not) that would allow a remote unauthenticated attacker to perform a denial-of-service (DoS) attack by causing ONOS to disconnect switches.

Affected versions

ONOS 1.3.0 Drake is confirmed to be affected.

Patch commit(s)

https://gerrit.onosproject.org/#/c/6137/

This issue was reported by Kashyap Thimmaraju (Technische Universität Berlin & T-Labs Berlin), Liron Schiff (Tel Aviv University), and Dr. Stefan Schmid (Technische Universität Berlin & T-Labs Berlin).

Description

It was found that the packet deserializers in ONOS would throw exceptions when handling malformed, truncated, or maliciously crafted packets. The exceptions were not caught or handled, so an exception raised in an I/O thread would cause the relevant switch to be disconnected. A remote unauthenticated attacker could use this flaw to perform a denial-of-service (DoS) attack by causing ONOS to disconnect switches. See ONOS-605 for more details.
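Both issues on this page share one root cause: an exception escaping the packet-in path on an I/O thread tears down the switch connection. The following Java example is added here to illustrate the defensive pattern; it is not ONOS code and the class and method names (PacketInPath, DeserializationException, PacketProcessor, handlePacketIn) are hypothetical. It shows a minimal Ethernet-header deserializer that checks lengths before indexing and reports bad input with a checked exception, and an I/O-thread handler that contains both malformed packets and exceptions thrown by application processors so that neither reaches the transport layer.

```java
// Added illustration, not ONOS code. Names are hypothetical.
import java.nio.ByteBuffer;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;

public class PacketInPath {

    private static final Logger log = Logger.getLogger(PacketInPath.class.getName());

    /** Checked exception: callers are forced to decide what to do with bad input. */
    public static final class DeserializationException extends Exception {
        DeserializationException(String msg) { super(msg); }
    }

    /** Minimal Ethernet header: dst(6) src(6) ethertype(2). */
    public static final class EthernetHeader {
        public final byte[] dst;
        public final byte[] src;
        public final int etherType;
        EthernetHeader(byte[] dst, byte[] src, int etherType) {
            this.dst = dst;
            this.src = src;
            this.etherType = etherType;
        }
    }

    /**
     * Validate the length before reading, so a truncated frame yields a
     * DeserializationException instead of an unchecked BufferUnderflowException
     * that would propagate into the I/O thread.
     */
    public static EthernetHeader deserialize(byte[] data) throws DeserializationException {
        int len = (data == null) ? 0 : data.length;
        if (len < 14) {
            throw new DeserializationException("frame too short: " + len + " bytes");
        }
        ByteBuffer bb = ByteBuffer.wrap(data);
        byte[] dst = new byte[6];
        byte[] src = new byte[6];
        bb.get(dst);
        bb.get(src);
        int type = bb.getShort() & 0xFFFF;
        return new EthernetHeader(dst, src, type);
    }

    /** Application hook, analogous in role to a packet processor. */
    public interface PacketProcessor {
        void process(EthernetHeader eth);
    }

    private final List<PacketProcessor> processors = new CopyOnWriteArrayList<>();

    public void addProcessor(PacketProcessor p) { processors.add(p); }

    /**
     * Called on the I/O thread for every packet-in. Nothing thrown in here may
     * propagate, or the transport layer would close the switch connection.
     * Returns true if the packet was delivered to processors, false if dropped.
     */
    public boolean handlePacketIn(String switchId, byte[] payload) {
        EthernetHeader eth;
        try {
            eth = deserialize(payload);
        } catch (DeserializationException e) {
            // Malformed input is the sender's problem: log it and drop the packet.
            log.log(Level.WARNING, "dropping malformed packet from {0}: {1}",
                    new Object[] {switchId, e.getMessage()});
            return false;
        }
        for (PacketProcessor p : processors) {
            try {
                p.process(eth);
            } catch (Exception e) {
                // A faulty application must not cost the switch its connection;
                // other processors still get the packet.
                log.log(Level.SEVERE, "processor " + p.getClass().getName()
                        + " threw on packet from " + switchId, e);
            }
        }
        return true;
    }

    public static void main(String[] args) {
        PacketInPath path = new PacketInPath();
        path.addProcessor(eth -> { throw new IllegalStateException("application bug"); });
        path.addProcessor(eth -> System.out.printf("ethertype 0x%04x%n", eth.etherType));

        byte[] truncated = new byte[] {1, 2, 3};   // constructed: 3-byte frame
        byte[] ok = new byte[14];                  // constructed: minimal valid frame
        ok[12] = (byte) 0x08;                      // ethertype 0x0800 (IPv4)
        ok[13] = (byte) 0x00;
        path.handlePacketIn("sw1", truncated);     // logged and dropped, handler returns false
        path.handlePacketIn("sw1", ok);            // first processor's exception is contained
    }
}
```

Whether to catch only RuntimeException, Exception (as above), or also Error is a design choice; catching Error risks hiding conditions such as OutOfMemoryError, so most code stops at Exception. The important property for this advisory is that the I/O thread itself never sees the exception.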

Affected versions

ONOS 1.0.0 Avocet is confirmed to be affected.

Patch commit(s)

https://gerrit.onosproject.org/#/c/2207/
