[Chicken-users] [SECURITY] Vulnerability to algorithmic complexity attack due to incorrect randomization of symbol table
Sun, 16 Jul 2017 20:32:03 +0200
It was discovered that our fix for CVE-2012-6125 was incorrect
for the internal Scheme symbol table.

The code that sets up the initial symbol table is run _before_
initializing the PRNG, which means the randomization factor uses
the initial libc seed state. On most libc implementations this
means the symbol table randomization factor is a constant value
which does not differ between runs.

This allows an attacker who is able to create arbitrary symbols
to degrade the hash table's average-case complexity to the
worst-case behaviour of a linear search by ensuring these symbols
all hash to the same hash bucket.

This has been fixed in both the master and chicken-5 branches.
A patch is available here:

There's no good workaround. One option would be to use LD_PRELOAD
with a small library that calls srand() on startup.

This issue affects all released versions of CHICKEN.

The CHICKEN Team
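
The LD_PRELOAD workaround mentioned in the advisory could look like the following. This is an added example, not code from the CHICKEN project or from the original message; the file name, function names and the /dev/urandom seed source are assumptions, as is the premise that the runtime's startup code runs from main().

```c
/* seedshim.c - hypothetical preload shim (added example, not CHICKEN code).
 * Build: cc -shared -fPIC -o libseedshim.so seedshim.c
 * Use:   LD_PRELOAD=./libseedshim.so ./your-chicken-program
 */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

static int seed_applied = 0;   /* set once the constructor has run */

/* Return an unpredictable seed. *from_urandom is set to 1 when the kernel
 * CSPRNG supplied it, 0 when the weaker time/pid fallback was used. */
unsigned int fresh_seed(int *from_urandom)
{
    unsigned int seed = 0;
    FILE *f = fopen("/dev/urandom", "rb");

    *from_urandom = 0;
    if (f != NULL) {
        if (fread(&seed, sizeof seed, 1, f) == 1)
            *from_urandom = 1;
        fclose(f);
    }
    if (!*from_urandom) {
        /* Fallback: guessable, but no longer identical across runs. */
        seed = (unsigned int)time(NULL) ^ ((unsigned int)getpid() << 16);
    }
    return seed;
}

/* Runs when the dynamic loader maps this library, i.e. before the program's
 * main(), so rand() no longer starts from the default libc seed state
 * (assumption: the symbol table is set up after main() is entered). */
__attribute__((constructor))
static void seed_libc_prng(void)
{
    int from_urandom;
    srand(fresh_seed(&from_urandom));
    seed_applied = 1;
}

/* Lets a caller confirm the shim was loaded and its constructor ran. */
int shim_seed_applied(void)
{
    return seed_applied;
}
```

LD_PRELOAD only affects dynamically linked programs, and the seed is still only as wide as an unsigned int, so this remains a stopgap compared with running a patched runtime.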