Bug 501194 (CVE-2012-2328) - <dev-java/sblim-cim-client-2.1.12: Hash collision DoS (CVE-2012-2328)
Summary: <dev-java/sblim-cim-client-2.1.12: Hash collision DoS (CVE-2012-2328)
Status: RESOLVED FIXED
Alias: CVE-2012-2328
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~3 [cleanup]
Blocks: hashDoS
Reported: 2014-02-13 14:57 UTC by GLSAMaker/CVETool Bot
Modified: 2014-05-23 17:37 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2014-02-13 14:57:21 UTC
CVE-2012-2328 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2328):
  internal/cimxml/sax/NodeFactory.java in Standards-Based Linux
  Instrumentation for Manageability (SBLIM) Common Information Model (CIM)
  Client (aka sblim-cim-client2) before 2.1.12 computes hash values without
  restricting the ability to trigger hash collisions predictably, which allows
  context-dependent attackers to cause a denial of service (CPU consumption)
  via a crafted XML file.


Needs cleanup.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-05-20 22:13:44 UTC
Maintainer(s), please drop the vulnerable version.
Comment 2 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2014-05-23 15:16:07 UTC
+  23 May 2014; Tom Wijsman <TomWij@gentoo.org> -sblim-cim-client-1.3.5.ebuild,
+  -sblim-cim-client-2.0.5.ebuild:
+  Remove old, for security bug #501194 (CVE-2012-2328).
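Review bot: The ChangeLog entry on these "+" lines names the two removed ebuilds (1.3.5 and 2.0.5) but not the version that stays in the tree. Since this bug marks everything below 2.1.12 as affected, stating the remaining version in the entry, or noting that it is 2.1.12 or later, would let a reader confirm from the ChangeLog alone that no affected ebuild is left.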

Done.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-05-23 17:37:33 UTC
Maintainer(s), Thank you for cleanup!

No GLSA needed as there are no stable versions.