Vigil@nce - Perl: denial of service via hash collision
March 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send data generating storage collisions in a Perl
applications, in order to overload a service.
Impacted products: Debian, openSUSE, Slackware, SUSE Linux
Enterprise Desktop, SLES, Unix (platform)
Severity: 2/4
Creation date: 06/03/2013
DESCRIPTION OF THE VULNERABILITY
The bulletin VIGILANCE-VUL-11254 describes a vulnerability which
can be used to create a denial of service on several applications.
To solve this vulnerability, Perl periodically recomputes keys, in
order to redistribute data. However, this algorithm is incorrect.
Technical details are unknown.
An attacker can therefore send data generating storage collisions
in a Perl applications, in order to overload a service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-denial-of-service-via-hash-collision-12485