caml-list - the Caml user's mailing list
From: "Richard W.M. Jones" <rich@annexia.org>
To: caml-list@inria.fr
Subject: Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)
Date: Tue, 7 Feb 2012 08:34:12 +0000
Message-ID: <20120207083412.GA30350@annexia.org>
In-Reply-To: <4F3079F7.4040606@redhat.com>

On Mon, Feb 06, 2012 at 06:10:15PM -0700, Kurt Seifried wrote:
> On 02/06/2012 06:05 PM, Kurt Seifried wrote:
> > So going through various things looks like OCaml is vulnerable and has
> > not had a CVE # assigned for this issue yet.
> > 
> > Discussion of the issue takes place on the mailing list, here is a link
> > for the originating thread:
> > 
> >cc
> > 
> > There doesn't appear to be a fix yet.
> > 
> > 
> 
> Please use CVE-2012-0839 for this issue.

Red Hat BZ:

https://bugzilla.redhat.com/show_bug.cgi?id=787888

Rather than changing every app that uses Hashtbl, I'd prefer to fix
this upstream by choosing a random seed for hash tables unless the
caller explicitly sets one or sets an environment variable to disable
this.

In Perl, the seed is a random number chosen when the Perl interpreter
starts up.  This is low overhead, but still leaves a (much more
theoretical) attack where someone can determine the seed from a
long-running process using some other method and still attack the hash
table.

In Python there is an environment variable you can set to disable
randomized hash tables.  Further Python discussion here:
http://bugs.python.org/issue13703
http://mail.python.org/pipermail/python-dev/2012-January/thread.html#115465

Rich.

-- 
Richard Jones
Red Hat
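
The seed policy proposed in the message above, as an added Python model (not part of the original message and not OCaml's Hashtbl code): it measures the fullest bucket for a constructed worst-case input under a fixed seed and under a random one. Keyed BLAKE2b stands in for the table's hash function, and the variable name HASHTBL_NO_RANDOM and all function names are assumptions made for illustration.

```python
import hashlib
import os
import secrets

NBUCKETS = 64
# Hypothetical opt-out variable; the message names no specific variable.
DISABLE_ENV = "HASHTBL_NO_RANDOM"

def choose_seed(explicit=None, environ=os.environ):
    """Explicit seed wins, then the opt-out variable (fixed seed 0),
    otherwise a fresh random seed."""
    if explicit is not None:
        return explicit
    if environ.get(DISABLE_ENV):
        return 0
    return secrets.randbits(64)

def bucket(key, seed):
    """Bucket index of key under a seeded hash (keyed BLAKE2b stand-in)."""
    key_bytes = (seed & 0xFFFFFFFFFFFFFFFF).to_bytes(8, "big")
    digest = hashlib.blake2b(key.encode(), digest_size=8, key=key_bytes).digest()
    return int.from_bytes(digest, "big") % NBUCKETS

def longest_chain(keys, seed):
    """Size of the fullest bucket, i.e. the worst-case lookup cost."""
    counts = [0] * NBUCKETS
    for k in keys:
        counts[bucket(k, seed)] += 1
    return max(counts)

def keys_for_one_bucket(seed, n):
    """Constructed worst-case input: n keys sharing bucket 0 under a known seed."""
    keys, i = [], 0
    while len(keys) < n:
        k = f"key{i}"
        if bucket(k, seed) == 0:
            keys.append(k)
        i += 1
    return keys

def demo(n=200):
    """Return (longest chain with randomization disabled, with a random seed)."""
    worst = keys_for_one_bucket(0, n)  # input chosen against the fixed seed 0
    fixed = longest_chain(worst, choose_seed(environ={DISABLE_ENV: "1"}))
    randomized = longest_chain(worst, choose_seed(environ={}))
    return fixed, randomized

if __name__ == "__main__":
    print(demo())
```

With the seed fixed, every key lands in one bucket and lookups degrade to a linear scan; with a random seed the same keys spread across the table.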
