Date: Tue, 24 Nov 2015 09:19:33 -0800
From: David Jorm <david.jorm@...il.com>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kseifried@...hat.com>
Subject: CVE request: DoS in ONOS when handling jumbo ethernet frames

It was found that ONOS would throw exceptions when handling jumbo ethernet frames. The exceptions were not caught and handled, so a remote unauthenticated attacker could use this flaw to perform a denial-of-service attack against an ONOS system. To exploit this issue, the attacker must be able to send a jumbo ethernet frame to a switch controlled by ONOS. Only the connection between the controller and the switch generating the packet-in message of the malicious packet will be affected (disconnected).

More details are available here:

https://jira.onosproject.org/browse/ONOS-3349

An advisory is now live with no CVE ID:

https://wiki.onosproject.org/display/ONOS/Security+advisories

Please assign a CVE ID to this issue. A request was sent to MITRE directly 9 days ago with no answer. We need a CVE ID within the next 24 hours.

Thanks

David Jorm on behalf of the ONOS security response team
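The failure mode described in the message above, as an added example that is not part of the original post and is not ONOS code: a toy packet-in loop in which one undecodable frame either tears down the switch connection or is dropped and counted. The decoder, the 1518-byte limit, the exception type and all names are assumptions made for the illustration; the page does not state which exception ONOS threw.

```python
import struct

# Toy model only. The size limit is an assumed value, not taken from ONOS.
MAX_FRAME = 1518


class FrameDecodeError(Exception):
    """Raised by the toy decoder for frames it cannot parse."""


def decode_ethernet(frame: bytes) -> dict:
    """Parse the 14-byte Ethernet header; reject truncated and oversized frames."""
    if len(frame) < 14:
        raise FrameDecodeError("truncated frame")
    if len(frame) > MAX_FRAME:
        raise FrameDecodeError(f"jumbo frame of {len(frame)} bytes")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}


def run_channel(packet_ins, catch_per_packet: bool) -> dict:
    """Process packet-in payloads arriving on one switch connection.

    With catch_per_packet=False a decode error escapes the loop and the
    connection is closed; with True the bad frame is dropped and counted.
    """
    stats = {"connected": True, "handled": 0, "dropped": 0}
    try:
        for frame in packet_ins:
            if catch_per_packet:
                try:
                    decode_ethernet(frame)
                except FrameDecodeError:
                    stats["dropped"] += 1  # record it, keep the channel up
                    continue
            else:
                decode_ethernet(frame)
            stats["handled"] += 1
    except FrameDecodeError:
        stats["connected"] = False  # models the connection being torn down
    return stats


# Constructed sample input: a normal frame, a 9000-byte frame, a normal frame.
HEADER = bytes.fromhex("ffffffffffff" "020000000001" "0800")
NORMAL = HEADER + bytes(50)
JUMBO = HEADER + bytes(9000 - 14)
SAMPLE = [NORMAL, JUMBO, NORMAL]

if __name__ == "__main__":
    print("uncaught:", run_channel(SAMPLE, catch_per_packet=False))
    print("handled: ", run_channel(SAMPLE, catch_per_packet=True))
```

The `dropped` counter is the value to export as a metric, since a sustained rise points at a switch port receiving frames the controller cannot decode.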