[ovs-dev] [PATCH RFC] SECURITY: New document describing proposed security process for OVS.

Thomas Graf tgraf at noironetworks.com
Fri Jan 2 23:22:27 UTC 2015


On 01/02/15 at 03:01pm, Ben Pfaff wrote:
> On Fri, Jan 02, 2015 at 11:53:26PM +0100, Thomas Graf wrote:
> > Looks great. Do we want to include a couple of examples of what
> > would classify as a vulnerability?
> 
> Sure.  Some that come randomly to mind:
> 
>         * A crafted packet that causes a kernel or userspace crash.
> 
>         * A flow translation bug that misforwards traffic in a way
>           likely to hop over security boundaries.
> 
>         * An OpenFlow protocol bug that allows a controller to read
>           arbitrary files from the file system.
> 
>         * Misuse of the OpenSSL library that allows bypassing
>           certificate checks.

       * A bug (memory corruption, overflow, ...) that allows one to
         illegally modify the behaviour of OVS through external
         configuration interfaces such as OVSDB.

       * Privileged information is exposed to unprivileged users.
