CVE-2013-0250

Published: 6 June 2014

The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.

Priority

Status

Package	Release	Status
corosync Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (code-not-present)
	oneiric	Not vulnerable (code-not-present)
	precise	Not vulnerable (code-not-present)
	quantal	Not vulnerable (code-not-present)
	upstream	Needs triage
	Patches: upstream: https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595

References

http://www.openwall.com/lists/oss-security/2013/02/01/1
https://www.cve.org/CVERecord?id=CVE-2013-0250
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699615
https://bugzilla.redhat.com/show_bug.cgi?id=906834

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›