From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail1-relais-roc.national.inria.fr (mail1-relais-roc.national.inria.fr [192.134.164.82]) by walapai.inria.fr (8.13.6/8.13.6) with ESMTP id q2A7VdcY032263 for ; Sat, 10 Mar 2012 08:31:39 +0100 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av0EABwDW09QRFuw/2dsb2JhbABDtTaBB4IKAQEFOjQbCxgcEhQoiEIHukKFM4R5gyqCP2MElUiQHYJjgVw X-IronPort-AV: E=Sophos;i="4.73,561,1325458800"; d="scan'208";a="148560645" Received: from furbychan.cocan.org ([80.68.91.176]) by mail1-smtp-roc.national.inria.fr with ESMTP/TLS/AES256-SHA; 10 Mar 2012 08:31:14 +0100 Received: from rich by furbychan.cocan.org with local (Exim 4.72) (envelope-from ) id 1S6Gll-0004NZ-5U for caml-list@inria.fr; Sat, 10 Mar 2012 07:31:13 +0000 Date: Sat, 10 Mar 2012 07:31:13 +0000 From: "Richard W.M. Jones" To: caml-list@inria.fr Message-ID: <20120310073113.GA16716@annexia.org> References: <4F3078F1.8070105@redhat.com> <4F3079F7.4040606@redhat.com> <20120207083412.GA30350@annexia.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120207083412.GA30350@annexia.org> User-Agent: Mutt/1.5.20 (2009-06-14) Subject: Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003) On Tue, Feb 07, 2012 at 08:34:12AM +0000, Richard W.M. Jones wrote: > On Mon, Feb 06, 2012 at 06:10:15PM -0700, Kurt Seifried wrote: > > On 02/06/2012 06:05 PM, Kurt Seifried wrote: > > > So going through various things looks like Ocaml is vulnerable and has > > > not had a CVE # assigned for this issue yet. > > > > > > Discussion of the issue takes place on the mailing list, here is a link > > > for the originating thread: > > > > > >cc > > > > > > There doesn't appear to be a fix yet. > > > > > > > > > > Please use CVE-2012-0839 for this issue. > > Red Hat BZ: > > https://bugzilla.redhat.com/show_bug.cgi?id=787888 > > Rather than changing every app that uses Hashtbl, I'd prefer to fix > this upstream by choosing a random seed for hash tables unless the > caller explicitly sets one or sets an environment variable to disable > this. > > In Perl, the seed is a random number chosen when the Perl interpreter > starts up. This is low overhead, but still leaves a (much more > theoretical) attack where someone can determine the seed from a > long-running process using some other method and still attack the hash > table. > > In Python there is an environment variable you can set to disable > randomized hash tables. Further Python discussion here: > http://bugs.python.org/issue13703 > http://mail.python.org/pipermail/python-dev/2012-January/thread.html#115465 No comment at all? This is an exploitable CVE ... Rich. -- Richard Jones Red Hat