Vulnerabilities > CVE-2013-0250 - Unspecified vulnerability in Corosync

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

corosync

NVD

Published: 2014-06-06

Updated: 2014-06-09

Summary

The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet. Per: http://cwe.mitre.org/data/definitions/665.html "CWE-665: Improper Initialization"

Vulnerable Configurations

Part	Description	Count
Application	Corosync Corosync Corosync 2.0.0 Corosync Corosync 2.0.1 Corosync Corosync 2.0.2 Corosync Corosync 2.0.3 Corosync Corosync 2.1.0 Corosync Corosync 2.1.1 Corosync Corosync 2.2.0	7

References

http://seclists.org/oss-sec/2013/q1/212
http://seclists.org/oss-sec/2013/q1/213
http://seclists.org/oss-sec/2013/q1/214
http://secunia.com/advisories/52037
https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595