Bug 781683 (CVE-2011-4462) - CVE-2011-4462 plone: hash table collisions CPU usage DoS (oCERT-2011-003)
Summary: CVE-2011-4462 plone: hash table collisions CPU usage DoS (oCERT-2011-003)
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2011-4462
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 784044
Blocks: hashdos, oCERT-2011-003 782243
TreeView+ depends on / blocked
 
Reported: 2012-01-14 07:33 UTC by Kurt Seifried
Modified: 2021-02-24 13:25 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 13:07:59 UTC
Embargoed:


Attachments (Terms of Use)

Description Kurt Seifried 2012-01-14 07:33:20 UTC
Julian Wälde and Alexander Klink reported a flaw in the hash function used in
the implementation of the Python dictionaries (associative arrays).

A specially-crafted set of keys could trigger hash function collisions, which
degrade dictionary performance by changing hash table operations complexity
from an expected/average O(1) to the worst case O(n).  Reporters were able to
find colliding strings efficiently using meet in the middle attack.

conga embeds a copy of Plone (from the source rpm):

conga-0.12.2.tar.gz
luci_db-0.12.2-4.tar.gz
plib-1.8.5
plib-1.8.5.tar.gz
Plone-2.5.5.tar.gz
Zope-2.9.8-final.tgz

Comment 4 Jan Lieskovsky 2012-01-23 16:17:46 UTC
This issue affects the version of the conga package as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4.

This issue affects the version of the conga package as shipped with Red Hat Enterprise Linux 5.

--

This issue affects the version of the plone package, as shipped with Fedora EPEL 5. Please schedule an update once there is Zope upstream patch available.

Comment 5 Jan Lieskovsky 2012-01-23 16:26:11 UTC
Statement:

(none)

Comment 6 Jan Lieskovsky 2012-01-23 16:28:14 UTC
Created plone tracking bugs for this issue

Affects: epel-5 [bug 784044]


Note You need to log in before you can comment on or make changes to this bug.