| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability alert CVE-2009-2137
Solaris: denial of service via n2cp
Synthesis of the vulnerability
| An attacker can use an invalid key size in order to generate a memory leak in n2cp. |
Severity: 1/4.
Creation date: 19/06/2009.
|
Description of the vulnerability
The n2cp driver uses cryptographic features of the UltraSPARC-T2 processor.
HMAC algorithms are used to compute a hash based on a key and on a standard hashing algorithm. The n2cp driver offers HMACs based on MD5, SHA-1 and SHA-256. The size of the key depends on the size of the block of the algorithm (16, 20 and 32).
When the size of the key is greater than 32, an error occurs in n2cp, and the memory area used to store the HMAC context is never freed.
An attacker can therefore use a long key size in order to generate a memory leak in n2cp. |
Complete Vigil@nce bulletin
Characteristics
Title: Solaris: denial of service via n2cp.
Keywords: HMAC HMACs MAC MD5 SHA-1 SHA-256 Solaris UltraSPARC-T2 denial n2cp service.
Identifiers: 258828, 6784968, 6786946, BID-35438, CVE-2009-2137, VIGILANCE-VUL-8811.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Security vulnerability alerts
|
