From: "Richard W.M. Jones" <rich@annexia.org>
To: caml-list@inria.fr
Subject: Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)
Date: Sat, 10 Mar 2012 07:31:13 +0000 [thread overview]
Message-ID: <20120310073113.GA16716@annexia.org> (raw)
In-Reply-To: <20120207083412.GA30350@annexia.org>
On Tue, Feb 07, 2012 at 08:34:12AM +0000, Richard W.M. Jones wrote:
> On Mon, Feb 06, 2012 at 06:10:15PM -0700, Kurt Seifried wrote:
> > On 02/06/2012 06:05 PM, Kurt Seifried wrote:
> > > So going through various things looks like Ocaml is vulnerable and has
> > > not had a CVE # assigned for this issue yet.
> > >
> > > Discussion of the issue takes place on the mailing list, here is a link
> > > for the originating thread:
> > >
> > >cc
> > >
> > > There doesn't appear to be a fix yet.
> > >
> > >
> >
> > Please use CVE-2012-0839 for this issue.
>
> Red Hat BZ:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=787888
>
> Rather than changing every app that uses Hashtbl, I'd prefer to fix
> this upstream by choosing a random seed for hash tables unless the
> caller explicitly sets one or sets an environment variable to disable
> this.
>
> In Perl, the seed is a random number chosen when the Perl interpreter
> starts up. This is low overhead, but still leaves a (much more
> theoretical) attack where someone can determine the seed from a
> long-running process using some other method and still attack the hash
> table.
>
> In Python there is an environment variable you can set to disable
> randomized hash tables. Further Python discussion here:
> http://bugs.python.org/issue13703
> http://mail.python.org/pipermail/python-dev/2012-January/thread.html#115465
No comment at all? This is an exploitable CVE ...
Rich.
--
Richard Jones
Red Hat
next prev parent reply other threads:[~2012-03-10 7:31 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4F3078F1.8070105@redhat.com>
2012-02-07 1:10 ` Kurt Seifried
2012-02-07 8:34 ` Richard W.M. Jones
2012-03-10 7:31 ` Richard W.M. Jones [this message]
2012-03-10 12:31 ` Gerd Stolpmann
2012-03-12 18:03 ` Xavier Leroy
2012-03-13 9:54 ` Romain Bardou
2012-03-13 11:58 ` Paolo Donadeo
2012-03-13 12:31 ` Philippe Veber
2012-03-13 13:23 ` Gerd Stolpmann
2012-03-13 15:39 ` Romain Bardou
2012-03-13 18:27 ` David Allsopp
2012-03-13 18:58 ` Alain Frisch
2012-03-13 18:08 ` Dario Teixeira
2012-03-13 18:28 ` David Allsopp
2012-03-14 9:23 ` Xavier Leroy
2012-03-13 16:52 ` Richard W.M. Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120310073113.GA16716@annexia.org \
--to=rich@annexia.org \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).