CVE-2013-0250

Severity

50%

Complexity

99%

Confidentiality

48%

Per: http://cwe.mitre.org/data/definitions/665.html "CWE-665: Improper Initialization"

The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.

Per: http://cwe.mitre.org/data/definitions/665.html "CWE-665: Improper Initialization"

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Corosync

First reported 10 years ago

2014-06-06 14:55:00

Last updated 10 years ago

2014-06-09 13:34:00

Affected Software

Corosync 2.0.0

2.0.0

Corosync 2.0.1

2.0.1

Corosync 2.0.2

2.0.2

Corosync 2.0.3

2.0.3

Corosync 2.1.0

2.1.0

Corosync 2.1.1

2.1.1

Corosync 2.2.0

2.2.0

References

[oss-security] 20130201 CVE Request -- Corosync (X < 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used

[oss-security] 20130201 Re: CVE Request -- Corosync (X < 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used

[oss-security] 20130201 Re: Re: CVE Request -- Corosync (X < 2.0.3): Remote DoS due improper HMAC initialization and improper junk filtering when different encryption keys used

52037

https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595

Exploit, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.