On 01/02/15 at 03:01pm, Ben Pfaff wrote:
> On Fri, Jan 02, 2015 at 11:53:26PM +0100, Thomas Graf wrote:
> > Looks great. Do we want to include a couple of examples of what
> > would classify as a vulnerability?
>
> Sure. Some that come randomly to mind:
>
> * A crafted packet that causes a kernel or userspace crash.
>
> * A flow translation bug that misforwards traffic in a way
> likely to hop over security boundaries.
>
> * An OpenFlow protocol bug that allows a controller to read
> arbitrary files from the file system.
>
> * Misuse of the OpenSSL library that allows bypassing
> certificate checks.
* A bug (memory corruption, overflow, ...) that allows to
illegally modify the behaviour of OVS through external
configuration interfaces such as OVSDB.
* Privileged information is exposed to unprivileged users.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
