| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability alert CVE-2009-2137
Solaris: denial of service via n2cp
Synthesis of the vulnerability
| An attacker can use an invalid key size in order to generate a memory leak in n2cp. |
Severity: 1/4.
Creation date: 19/06/2009.
|
Impacted products
Description of the vulnerability
The n2cp driver uses cryptographic features of the UltraSPARC-T2 processor.
HMAC algorithms are used to compute a hash based on a key and on a standard hashing algorithm. The n2cp driver offers HMACs based on MD5, SHA-1 and SHA-256. The size of the key depends on the size of the block of the algorithm (16, 20 and 32).
When the size of the key is greater than 32, an error occurs in n2cp, and the memory area used to store the HMAC context is never freed.
An attacker can therefore use a long key size in order to generate a memory leak in n2cp. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: Solaris: denial of service via n2cp.
Keywords: HMAC HMACs MAC MD5 SHA-1 SHA-256 Solaris UltraSPARC-T2 denial n2cp service.
Identifiers: 258828, 6784968, 6786946, BID-35438, CERTA-2009-AVI-247, CVE-2009-2137, VIGILANCE-VUL-8811.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
Vigil@nce provides a network vulnerability database. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system.
|
