Re: Re: CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper HMAC initialization

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/01/2013 09:37 AM, Fabio M. Di Nitto wrote:
> On 02/01/2013 05:26 PM, Jan Lieskovsky wrote:
> > Hello Kurt, Steve, vendors,
> >
> > Corosync upstream has recently released 2.0.3 version correcting 
> > one security issue:
>
> No, this version is not correct.
>
> corosync >= 2.0 to < 2.3 are affected.
>
> corosync 2.3 and higher have the fix.
>
> Also, the DoS reason is not correct. The junk filter part is a 
> consequence on how libnss work and should be dropped.
>
> Subject should be:
>
> "CVE Request -- Corosync (2.0 <= X < 2.3): Remote DoS due improper
> HMAC initialization"
>
> > A denial of service flaw was found in the way Corosync, the
> > cluster engine and application programming interfaces, performed
> > processing of certain network packets, when different encryption
> > keys were used. Previously the HMAC key was not initialized 
> > properly, which allowed certain packets to pass through to the
> > internal phases of the Corosync packet validation process,
> > possibly leading to corosync daemon crash.
>
> I explained this in details and this description is not accurate.
>
> "A remote denial of service flaw was found in the way Corosync,
> the cluster engine and application programming interfaces,
> performed processing of network packets. Previously the HMAC key
> was not initialized properly, which allowed random targeted packets
> to be processed by the internal process of corosync and possibly
> leading to a daemon crash".

Please use CVE-2013-0250  for this issue.

> > The HMAC initialization has been corrected in upstream via: [5]
> > https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595
but there might be more changes needed (Cc-in Fabio and Jan).
> 2 missing:
>
> https://github.com/corosync/corosync/commit/55dc09ea237482f827333759fd45608bc9518d64
https://github.com/corosync/corosync/commit/ebb007a16c6a8d9e6f783ed82b324cb232c64be5

Thanks for the additional info.

> Thanks Fabio


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRDBvYAAoJEBYNRVNeJnmTtpEP/j4utU/gLEpFy5geRV07sgG5
WpLX+i36ewQ4iUbDYNg7cZlaxn51zrC62G9bAz6Rdg8I55qH33d+xMVFi6UtFypB
O/OBq7JMhRZzPW28oHnr5n9IBwNHp2AEkdgm8gdOncSyB8GYWpp+b4SZ0LcbuP7f
Si5/BFzPqH0b22VgNKvs6iLC/aNArZPaXZXzrMGsBGYEGQJ9ydVzpQLvoHgMq4B4
pvLXsGwP3Eg27g+8901MxfP2E+hMP8K70CpIMpGEHAF/aKaupPrJ5OhTcc+ct9bs
Sj8DxFImOT1EOWCEH2Gyu0q/IwqX4/UPsdyq5O7oMxP0dn4VC6rh9INxkt2ZNfx3
qMTp7efIQt3c6CDMUDGuRvGaI29nxPeWOKC+0IphPGoTW+Q+6T98NmGR/aeorObd
8wLshQavIYdlJsxm8oi8F3uDehSwvZaswR3JGJwSLZCF28sNXzkoPHavjkGg6n6R
fxd0sCuYbx0dhU7IROX/1OL7Y0UG3I+PWbmqT60GfqSbfksXU9LsSbKiEeactYhU
m/ihUVMFiecYQUrRiFo/NxWWNfR/W/Xx8RWZAruogmCl71C7bso8Pl0TEUVItKT8
8wg7YrZ+D5v/96sKNU754bEBX/vsMwmnFi17mdDxzo8aVzfW2ZiXhcrhIB7NGD/n
aIfO27EEAQDcbbEq06vJ
=o2zL
-----END PGP SIGNATURE-----