Vigil@nce - Apache APR: denial of service via hash collision
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker could send data generating storage collisions, in
order to overload a service.
Severity: 1/4
Creation date: 22/02/2012
Revision date: 24/02/2012
IMPACTED PRODUCTS
– Mandriva Enterprise Server
– Mandriva Linux
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The bulletin VIGILANCE-VUL-11254 describes a vulnerability which
can be used to create a denial of service on several applications.
This vulnerability could impact APR. Apache indicates that there
is no intrinsic vulnerability, and that the algorithm was
optimized to mitigate potential hash collisions.
In order to simplify VIGILANCE-VUL-11254, which was too big,
solutions for APR were moved here.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-APR-denial-of-service-via-hash-collision-11380