CVE-2017-1000411
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. A south bound attack can originate when an attacker attempts a flow flooding attack and since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in CONTROLLER overflow attack (resource consumption). Although, the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout.
OpenFlow Plugin y OpenDayLight Controller, en versiones Nitrogen, Carbon, Boron, Robert Varga y Anil Vishnoi, contienen un error cuando múltiples flujos "expirados" consumen los recursos de memoria de CONFIG DATASTORE, lo que conduce a un cierre de CONTROLLER. Si se envían múltiples flujos diferentes con "idle-timeout" y "hard-timeout" a la API REST de Openflow Plugin, los flujos expirados acabarán cerrando el controlador inesperadamente una vez se excedan as asignaciones de memoria establecidas con el tamaño de la máquina virtual Java. Aunque los flujos instalados (con tiempo de espera establecido) se eliminan de la red (y, por lo tanto, también del DS de operaciones del controlador), las entradas expiradas siguen presentes en CONFIG DS. El ataque puede surgir tanto de una vertical de arriba como de abajo. La descripción anterior corresponde a un ataque desde arriba. Puede darse un ataque desde abajo cuando un atacante intenta realizar una inundación de flujos y, ya que los flujos incluyen tiempos de espera, el ataque no tiene éxito. Sin embargo, el atacante sí tendrá éxito en un ataque de desbordamiento de CONTROLLER (consumo de recursos). Aunque el DS de red (las tablas de flujo) y de operaciones solo está ocupado en un 1% aproximadamente, el controlador pide consumo de recursos. Esto ocurre debido a que los flujos instalados se eliminan de la red una vez ha pasado el tiempo de espera.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-28 CVE Reserved
- 2018-01-31 CVE Published
- 2023-12-11 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-404: Improper Resource Shutdown or Release
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://seclists.org/oss-sec/2018/q1/52 | Mailing List | |
http://www.securityfocus.com/bid/102736 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Opendaylight Search vendor "Opendaylight" | Opendaylight Search vendor "Opendaylight" for product "Opendaylight" | boron Search vendor "Opendaylight" for product "Opendaylight" and version "boron" | - |
Affected
| ||||||
Opendaylight Search vendor "Opendaylight" | Opendaylight Search vendor "Opendaylight" for product "Opendaylight" | carbon Search vendor "Opendaylight" for product "Opendaylight" and version "carbon" | - |
Affected
| ||||||
Opendaylight Search vendor "Opendaylight" | Opendaylight Search vendor "Opendaylight" for product "Opendaylight" | nitrogen Search vendor "Opendaylight" for product "Opendaylight" and version "nitrogen" | - |
Affected
| ||||||
Opendaylight Search vendor "Opendaylight" | Openflow Search vendor "Opendaylight" for product "Openflow" | boron Search vendor "Opendaylight" for product "Openflow" and version "boron" | opendaylight |
Affected
| ||||||
Opendaylight Search vendor "Opendaylight" | Openflow Search vendor "Opendaylight" for product "Openflow" | carbon Search vendor "Opendaylight" for product "Openflow" and version "carbon" | opendaylight |
Affected
| ||||||
Opendaylight Search vendor "Opendaylight" | Openflow Search vendor "Opendaylight" for product "Openflow" | nitrogen Search vendor "Opendaylight" for product "Openflow" and version "nitrogen" | opendaylight |
Affected
|