exploit the possibilities

MurmurHash Algorithm Collision Denial Of Service

MurmurHash Algorithm Collision Denial Of Service
Posted Nov 24, 2012
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue is similar to the one reported in oCERT-2011-003 and concerns the MurmurHash algorithm family. The condition for predictable collisions in the hashing functions has been reported for the following language implementations: JRuby (MurmurHash2), Ruby (MurmurHash2), Rubinius (MurmurHash3), Oracle JDK (MurmurHash), OpenJDK (MurmurHash). In the case of Java OpenJDK the hash function affected by the reported issue is not enabled by default, the default function is however reported vulnerable to oCERT-2011-003.

tags | advisory, java, ruby
advisories | CVE-2012-5370, CVE-2011-5371, CVE-2011-5372, CVE-2011-5373
MD5 | 173a950b56d5f7bd4eef0ced98b0cc28

MurmurHash Algorithm Collision Denial Of Service

Change Mirror Download

#2012-001 multiple implementations denial-of-service via MurmurHash algorithm
collision

Description:

A variety of programming languages suffer from a denial-of-service (DoS)
condition against storage functions of key/value pairs in hash data
structures, the condition can be leveraged by exploiting predictable
collisions in the underlying hashing algorithms.

The issue is similar to the one reported in oCERT-2011-003 and concerns the
MurmurHash algorithm family. The condition for predictable collisions in the
hashing functions has been reported for the following language
implementations: JRuby (MurmurHash2), Ruby (MurmurHash2), Rubinius
(MurmurHash3), Oracle JDK (MurmurHash), OpenJDK (MurmurHash). In the case of
Java OpenJDK the hash function affected by the reported issue is not enabled
by default, the default function is however reported vulnerable to
oCERT-2011-003.

Affected version:
Ruby < 1.9.3-p327
JRuby all versions
Rubinius, all versions
Oracle JDK <= 7
OpenJDK <= 7

Fixed version:
Ruby >= 1.9.3-p327
JRuby, N/A
Rubinius, N/A
Oracle JDK, N/A
OpenJDK, N/A

Credit: vulnerability report received from Jean-Philippe Aumasson
<jeanphilippe.aumasson AT gmail.com>, PoC code and SipHash
implementation used to patch the issue developed by Martin Bosslet
<martin.bosslet AT gmail.com>.

CVE: CVE-2012-5370 (JRuby), CVE-2011-5371 (Ruby), CVE-2011-5372 (Rubinius),
CVE-2011-5373 (Oracle JDK, OpenJDK)

Timeline:
2012-08-30: vulnerability report sent to Ruby, JRuby and Rubinius security contacts
2012-09-03: vulnerability report forwarded to oCERT by Hiroshi Nakamura (Ruby security contact)
2012-09-06: oCERT contacted reporters to investigate additional affected projects
2012-09-06: reporters indicate OpenJDK as vulnerable and that Java security team has been contacted on 2012-07-31
2012-09-10: oCERT requested CVE assignment for Ruby, JRuby and Rubinius
2012-09-12: Oracle JDK and OpenJDK confirmed vulnerable by reporters
2012-09-12: oCERT requested CVE assignment for Oracle JDK and OpenJDK
2012-10-10: reporters indicate public PoC release on 2012-11-07 at ASFWS
2012-11-08: assigned CVEs
2012-11-09: Ruby 1.9.3-p327 released
2012-11-23: advisory release

References:
https://www.131002.net/siphash

Permalink:
http://www.ocert.org/advisories/ocert-2012-001.html

--
Andrea Barisani | Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team

<lcars@ocert.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close