Bug 1533501 (CVE-2018-1078) - CVE-2018-1078 opendaylight: Insecure behavior in node reconciliation process
Summary: CVE-2018-1078 opendaylight: Insecure behavior in node reconciliation process
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2018-1078
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1555473 (view as bug list)
Depends On:
Blocks: 1530427 1533502 1555485
TreeView+ depends on / blocked
 
Reported: 2018-01-11 14:13 UTC by Pedro Sampaio
Modified: 2019-09-29 14:29 UTC (History)
19 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
It was found that all flows, including active and inactive, in the config datastore are installed back in the switch upon reconnection, as part of the node reconciliation process in OpenDayLight. This may lead to denial of service via table overflow or possibly circumventing of the controller's control.
Clone Of:
Environment:
Last Closed: 2019-04-08 10:23:06 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2018-01-11 14:13:01 UTC
It was found that all the flows, including active and inactive, in the config datastore are installed back in switch upon reconnection, as part of the node reconciliation process in OpenDayLight. This may lead to denial of service via table overflow or possibly circumventiagn of controller's control.

Comment 1 Josh Hershberg 2018-01-15 09:53:12 UTC
Can you please specify how this could cause a DoS? The reconciliation process does push all flows to the switch but it is not additive. After reconciliation the switch will have only the flows that ODL wants it to have and no more. Or am I missing something?

Comment 3 Joshua Padman 2018-01-18 11:49:09 UTC
Acknowledgments:

Name: Vaibhav Hemant Dixit (Arizona State University)

Comment 4 Garth Mollett 2018-03-14 23:59:45 UTC
*** Bug 1555473 has been marked as a duplicate of this bug. ***

Comment 5 Sam Fowler 2018-03-19 02:23:26 UTC
Upstream Issue:

https://jira.opendaylight.org/browse/OPNFLWPLUG-971

Comment 6 Joshua Padman 2019-04-08 10:23:06 UTC
There is currently no resolution upstream and it seems unlikely there will be a resolution. OpenDaylight was technical preview prior to OpenStack 13 and will be deprecated in OpenStack 14.
Refer to the following URL for more information about the deprecation of OpenDaylight.
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/14/html-single/release_notes/index#deprecated_functionality


Note You need to log in before you can comment on or make changes to this bug.