On Thu, 17 May 2018 18:23:09 +0900, Kashyap Thimmaraju wrote: > > Dear Ryu Developers, > > I hope that you are aware of the OpenFlow CVE that was recently made > public [1]. Have there been any discussions on this? Do you plan to > provide a fix or announce a security advisory on this matter? We believe > it is important to spread the awareness to people using OpenFlow > controllers that such an attack is possible. > > [1] http://www.openwall.com/lists/oss-security/2018/05/09/4 >
Thanks for notifying the vulnerability. I'll add a security note for the issue. With ryu, custom datapath id validation can be done by implementing an event handler for EventOFPSwitchFeatures. As there seems to be no standard way of doing such validation, it's basically up to ryu users for now. -- IWAMOTO Toshihiro ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Ryu-devel mailing list Ryu-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ryu-devel
