912276 – (CVE-2013-1667) CVE-2013-1667 perl: DoS in rehashing code

Bug 912276 (CVE-2013-1667) - CVE-2013-1667 perl: DoS in rehashing code

Summary: CVE-2013-1667 perl: DoS in rehashing code

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-1667
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	915690 915691 915692 915693 918008
Blocks:	912291
TreeView+	depends on / blocked

Reported:	2013-02-18 09:31 UTC by Jan Lieskovsky
Modified:	2023-05-12 23:19 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-04-03 18:27:19 UTC
Embargoed:

Attachments	(Terms of Use)
Proposed upstream patch against perl-5.8.5 version (4.06 KB, patch) 2013-02-18 09:40 UTC, Jan Lieskovsky	no flags	Details \| Diff
Proposed upstream patch against perl-5.8.8 version (4.32 KB, patch) 2013-02-18 09:41 UTC, Jan Lieskovsky	no flags	Details \| Diff
Proposed upstream patch against perl-5.10.1 version (5.50 KB, patch) 2013-02-18 09:41 UTC, Jan Lieskovsky	no flags	Details \| Diff
Proposed upstream patch against perl-5.12.5 version (5.41 KB, patch) 2013-02-18 09:42 UTC, Jan Lieskovsky	no flags	Details \| Diff
Proposed upstream patch against perl-5.14.3 version (5.52 KB, patch) 2013-02-18 09:43 UTC, Jan Lieskovsky	no flags	Details \| Diff
Proposed upstream patch against perl-5.16.2 version (5.46 KB, patch) 2013-02-18 09:43 UTC, Jan Lieskovsky	no flags	Details \| Diff
Upstream 5.8.8 patch ported to RHEL-5 perl (4.36 KB, patch) 2013-03-04 16:34 UTC, Petr Pisar	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0685	0	normal	SHIPPED_LIVE	Moderate: perl security update	2013-03-26 23:26:59 UTC

Description Jan Lieskovsky 2013-02-18 09:31:30 UTC

A denial of service flaw was found in the way Perl's rehashing code implementation (responsible for recalculation of hash keys and redistribution of hash content) used to react on certain user's input. If a Perl language based application accepted untrusted user input as hash keys, an attacker could use this flaw to cause the perl executable to consume excessive amount of memory (a denial of service via memory exhaustion).

References:
[1] http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html

Comment 3 Jan Lieskovsky 2013-02-18 09:40:35 UTC

Created attachment 698789 [details]
Proposed upstream patch against perl-5.8.5 version

Comment 4 Jan Lieskovsky 2013-02-18 09:41:13 UTC

Created attachment 698790 [details]
Proposed upstream patch against perl-5.8.8 version

Comment 5 Jan Lieskovsky 2013-02-18 09:41:45 UTC

Created attachment 698791 [details]
Proposed upstream patch against perl-5.10.1 version

Comment 6 Jan Lieskovsky 2013-02-18 09:42:24 UTC

Created attachment 698792 [details]
Proposed upstream patch against perl-5.12.5 version

Comment 7 Jan Lieskovsky 2013-02-18 09:43:05 UTC

Created attachment 698793 [details]
Proposed upstream patch against perl-5.14.3 version

Comment 8 Jan Lieskovsky 2013-02-18 09:43:54 UTC

Created attachment 698794 [details]
Proposed upstream patch against perl-5.16.2 version

Comment 9 Jan Lieskovsky 2013-02-18 10:08:59 UTC

Acknowledgements:

Red Hat would like to thank Perl project for reporting this issue. Upstream acknowledges Yves Orton as the original issue reporter.

Comment 10 Jan Lieskovsky 2013-02-18 10:11:07 UTC

This issue affects the versions of the perl package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the perl package, as shipped with Fedora release of 17 and 18.

Comment 14 Petr Pisar 2013-03-04 16:34:42 UTC

Created attachment 705064 [details]
Upstream 5.8.8 patch ported to RHEL-5 perl

Comment 15 Vincent Danen 2013-03-04 23:05:13 UTC

This is now corrected upstream:

Prevent premature hsplit() calls, and only trigger REHASH after hsplit():

http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5 (maint-5.16)
http://perl5.git.perl.org/perl.git/commitdiff/9d83adc (maint-5.12)
http://perl5.git.perl.org/perl.git/commitdiff/d59e31f (maint-5.14)

Comment 16 Jan Lieskovsky 2013-03-05 09:52:23 UTC

Created perl tracking bugs for this issue

Affects: fedora-all [bug 918008]

Comment 17 Fedora Update System 2013-03-22 00:48:47 UTC

perl-5.16.2-240.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 errata-xmlrpc 2013-03-26 19:27:51 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:0685 https://rhn.redhat.com/errata/RHSA-2013-0685.html

Comment 21 Fedora Update System 2013-04-03 04:55:38 UTC

perl-5.14.4-224.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.