oss-sec mailing list archives
CVE request: DoS in ONOS when handling jumbo ethernet frames
From: David Jorm <david.jorm () gmail com>
Date: Tue, 24 Nov 2015 09:19:33 -0800
It was found that ONOS would throw exceptions when handling jumbo ethernet frames. The exceptions were not caught and handled, so a remote unauthenticated attacker could use this flaw to perform a denial-of-service attack against an ONOS system. To exploit this issue, the attacker must be able to send a jumbo ethernet frame to a switch controlled by ONOS. Only the connection between the controller and the switch generating the packet-in message of the malicious packet will be affected (disconnected).

More details are available here:
https://jira.onosproject.org/browse/ONOS-3349

An advisory is now live with no CVE ID:
https://wiki.onosproject.org/display/ONOS/Security+advisories

Please assign a CVE ID to this issue. A request was sent to MITRE directly 9 days ago with no answer. We need a CVE ID within the next 24 hours.

Thanks
David Jorm on behalf of the ONOS security response team