Bug 781683 (CVE-2011-4462)

Summary: CVE-2011-4462 plone: hash table collisions CPU usage DoS (oCERT-2011-003)
Product: [Other] Security Response
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Reporter: Kurt Seifried <kseifried>
Assignee: Red Hat Product Security <security-response-team>
CC: cluster-maint, jlieskov, jrusnack, rmccabe
Keywords: Security
Doc Type: Bug Fix
Last Closed: 2015-03-05 13:07:59 UTC
Bug Depends On: 784044
Bug Blocks: 770929, 782243

Description Kurt Seifried 2012-01-14 07:33:20 UTC
Julian Wälde and Alexander Klink reported a flaw in the hash function used in
the implementation of the Python dictionaries (associative arrays).

A specially-crafted set of keys could trigger hash function collisions, which
degrade dictionary performance by changing hash table operations complexity
from an expected/average O(1) to the worst case O(n).  Reporters were able to
find colliding strings efficiently using a meet-in-the-middle attack.

conga embeds a copy of Plone (from the source rpm):

conga-0.12.2.tar.gz
luci_db-0.12.2-4.tar.gz
plib-1.8.5
plib-1.8.5.tar.gz
Plone-2.5.5.tar.gz
Zope-2.9.8-final.tgz
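
The O(1) to O(n) degradation described in the report above, as an added example that is not part of the original bug report or of Plone/Zope code: it counts the equality comparisons a Python dict performs when every key shares one hash value. The `Key` class and its forced hash are constructed for illustration; no colliding strings are generated.

```python
"""Count dict key comparisons with and without hash collisions."""
import sys


class Key:
    """Constructed key type whose hash value is chosen by the caller."""
    comparisons = 0  # class-wide counter of __eq__ calls

    def __init__(self, name, forced_hash):
        self.name = name
        self.forced_hash = forced_hash

    def __hash__(self):
        return self.forced_hash

    def __eq__(self, other):
        # The dict only calls this when two stored hashes are equal.
        Key.comparisons += 1
        return self.name == other.name


def comparisons_for_inserts(n, collide):
    """Insert n distinct keys; return how many __eq__ calls the dict made."""
    Key.comparisons = 0
    table = {}
    for i in range(n):
        # collide=True puts every key in the same probe chain (hash 0).
        table[Key(i, 0 if collide else i)] = None
    assert len(table) == n
    return Key.comparisons


def hash_randomization_enabled():
    """True if this interpreter randomizes str/bytes hashes per process.

    This does not affect the constructed Key class above; it reports the
    interpreter setting that makes colliding string sets unpredictable.
    """
    return bool(getattr(sys.flags, "hash_randomization", 0))


if __name__ == "__main__":
    print("n      distinct-hash  same-hash")
    for n in (100, 200, 400):
        print(n, comparisons_for_inserts(n, False),
              comparisons_for_inserts(n, True))
    print("hash randomization:", hash_randomization_enabled())
```

With distinct hashes the insert loop needs no key comparisons at all; with a single shared hash the i-th insert walks past all i earlier keys, so n inserts cost n(n-1)/2 comparisons and doubling the input roughly quadruples the work.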

Comment 4 Jan Lieskovsky 2012-01-23 16:17:46 UTC
This issue affects the version of the conga package as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4.

This issue affects the version of the conga package as shipped with Red Hat Enterprise Linux 5.

--

This issue affects the version of the plone package, as shipped with Fedora EPEL 5. Please schedule an update once there is a Zope upstream patch available.

Comment 5 Jan Lieskovsky 2012-01-23 16:26:11 UTC
Statement:

(none)

Comment 6 Jan Lieskovsky 2012-01-23 16:28:14 UTC
Created plone tracking bugs for this issue

Affects: epel-5 [bug 784044]