Bug 819733 (CVE-2012-2328)

Summary: CVE-2012-2328 sblim: hash table collisions CPU usage DoS
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jlieskov, vcrhonek
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 21:54:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 803391    
Bug Blocks: 819734    

Description Kurt Seifried 2012-05-08 05:45:55 UTC 
Juraj Somorovsky reported that certain XML parsers/servers are affected by the
same, or similar, flaw as the hash table collisions CPU usage denial of
service.  Sending a specially crafted message to an XML service can result in
longer processing time, which could lead to a denial of service.  It is
reported that this attack on XML can be applied on different XML nodes (such as
entities, element attributes, namespaces, various elements in the XML security,
etc.).

sblim is written in Java and makes significant use of arrays.
Comment 2 Jan Lieskovsky 2012-05-10 14:12:44 UTC 
SourceForge sblim upstream ticket:
[1] http://sourceforge.net/tracker/?func=detail&aid=3498482&group_id=128809&atid=712784

Patch against v2.1.3 version:
[2] http://sourceforge.net/tracker/download.php?group_id=128809&atid=712784&file_id=437695&aid=3498482

Patch against the HEAD version (picked up by v2.1.12 release):
[3] http://sourceforge.net/tracker/download.php?group_id=128809&atid=712784&file_id=438227&aid=3498482
Comment 3 Tomas Hoger 2012-06-15 08:23:53 UTC 
Upstream commit:
http://sblim.cvs.sourceforge.net/viewvc/sblim/jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax/NodeFactory.java?view=log#rev1.7
Comment 4 errata-xmlrpc 2012-06-20 07:22:39 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0987 https://rhn.redhat.com/errata/RHSA-2012-0987.html
Comment 6 Tomas Hoger 2012-07-26 08:59:22 UTC 
The fix that was applied here is not correct (randomization as used here does not help) and was not actually needed (NODENAME_HASH uses fixed, hard-coded set of strings as HashMap keys):

https://sourceforge.net/tracker/index.php?func=detail&aid=3535383&group_id=128809&atid=712784

It seems upstream will eventually revert the fix.