Have questions? Stuck? Please check our FAQ for some common questions and answers.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 33 Next »

  1. Security vulnerabilities fixed in ONOS
  2. Reporting security vulnerability in ONOS
  3. ONOS Security Response team

Security vulnerabilities fixed in ONOS

This page lists all security vulnerabilities fixed in ONOS. Each vulnerability is assigned a security impact rating on a four-point scale (low, moderate, important and critical). The versions that are affected by each vulnerability are also listed.

You can find the template demonstrating the structure of advisories here.

[Important] [CVE-2015-7516] onos-ifwd: denial-of-service (DoS) due to exceptions in application packet processors

Description

It was found that the ONOS core did not properly protect itself from exceptions thrown in application packet processors. Exceptions thrown by applications were not caught and handled, which would result in the relevant switch being disconnected because an exception occurred in an I/O thread. An application could exhibit behavior (either intentionally or unintentionally) which would allow a remote unauthenticated attacker to perform a denial-of-service (DoS) attack by causing ONOS to disconnect switches.

Affected versions

ONOS 1.3.0 Drake is confirmed to be affected.

Patch commit(s)

https://gerrit.onosproject.org/#/c/6137/

Patched versions

A patch has been committed and will be included in a future build.

Credit

This issue was reported by Kashyap Thimmaraju (Technische Universität Berlin & T-Labs Berlin), Liron Schiff (Tel Aviv University), and Dr. Stefan Schmid (Technische Universität Berlin & T-Labs Berlin).

[Important] [CVE-2015-1166] onos-of-ctl: denial-of-service (DoS) due to exception handling while deserializing malformed packets

Description

It was found that the packet deserializers in ONOS would throw exceptions when handling malformed, truncated or maliciously-crafted packets. The exceptions were not caught and handled, which would result in the relevant switch being disconnected because an exception occurred in an I/O thread. A remote unauthenticated attacker could use this flaw to perform a denial-of-service (DoS) attack by causing ONOS to disconnect switches. See ONOS-605 for more details.

Affected versions

ONOS 1.0.0 Avocet is confirmed to be affected.

Patch commit(s)

https://gerrit.onosproject.org/#/c/2207/

Patched versions

Avocet 1.0.1 contains the fix and this patched build is available here. Release Notes for Avocet 1.0.1 are available here.

Credit

This issue was reported by Charles M.C. Chan and Jonathan Hart.

 

                                                                                    

  • No labels