oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: Hash collision issue in Mono/C# (similar to Microsoft .NET issue)

From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 28 Aug 2012 12:05:42 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/28/2012 09:19 AM, Marcus Meissner wrote:

Hi,

The hash collision problem can also be found in the C# Mono
implementation.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3414 
describes the issue for the Microsoft .NET runtime, but as the
issue is also in the Mono implementation it needs a different CVE
there.

References: https://bugzilla.novell.com/show_bug.cgi?id=739119 
https://github.com/mono/mono/commit/2ab1a051058fee5ea3aec2e071fba7000b693488



https://github.com/mono/mono/commit/c3e088bf2fc22d66d0f17b74676de366f661c3eb


Ciao, Marcus


Please use CVE-2012-3543 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQPQh2AAoJEBYNRVNeJnmTO/UQALbSaUvcdAKvWfQBawGMKpPL
BwchHbYhaTXeC0oPtW6lfSTg7DrzaAN0YPazw1+RsIWaHgyzZbLUdsze1rkVQRuB
KQOXLs7IDo0pjBoPNotVxeVLDjf/giPhAC6hum5M8/hw+PJNE0c7d0W6QyESFWP8
X9bRDIRDmUvd+Wy5H7+/UkPXn5I6cNoQxL0Xb4xgNNIgZfctbSP6sD0zYtmWUCRR
yDhYuhOs9WTWID+6Jte31Du3dBSQQPTWqPbaBf9a0EnsnLw3qk63f9m20Xb6CUYU
CPR/ji40/k7EfjiJRNR6c7Zpar0+otl0s+um3ADIAUUktEt//4FRcMNltzfKH4xY
ezPOqoob09J0hlfjoidQIJFN+Prtujh2Yd+LQbN5Kd2ibQQ+rcNVsKQjh2gUZivP
jcPL7DmCED9Wj2FhYpx+8XKH3nMpl+rWYJ6FwS8tl9HSuFD2xYyrtiIDgCsWb9dY
Wxj4rycT7zqHDrTXT/qj/Qk6JB0tOxmWnikjbv5NQ1DrpJJwO3ZA2hR9co9dT7cl
x+WWeIdd2NrEqanzckHbrG4sOMCM5tYJo3zSy5ggZHc++56C/SKKe7lsUj/d6xcF
+IYk3eDbSsSJ/0FYUJJ6FnMZfNxM15z36gpMF/4aO35KxGPHf3d2aY8MDlxjjzJn
Ickbw3tnRrszvw7YwdzD
=HcSG
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: