Red Hat Bugzilla – Bug 1447856
CVE-2017-1000361 opendaylight: Port-Status packets sent to Controller create exceptions
Last modified: 2018-05-14 07:55:52 EDT
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight controller. From thesis: https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf?sequence=1 Vulnerability 5: Sending the following Port-Status packet 040c005000000015020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 causes the controller to launch several DOMRpcImplementationNotAvailable Exception-s and consume more resources. Number of created threads doubles and CPU consumption increases.
Created opendaylight tracking bugs for this issue: Affects: openstack-rdo [bug 1447871]
Acknowledgments: Name: OpenDaylight project Upstream: Andi Bidaj
Mitigation from upstream: https://wiki.opendaylight.org/view/Security_Advisories Restricting access to the management network to ensure that only known, trusted devices can connect to the OpenFlow ports of OpenDaylight should minimize or eliminate the risk.
Statement: This issue affects OpenDaylight in Red Hat OpenStack Platform 12.0 (Pike). However, OpenDaylight is only supported in segregated management networks; by default, at worst, this flaw would only be exposed on an admin network. For this reason, Red Hat Product Security has rated this issue as having security impact of Low. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.