Upstream information

CVE-2012-2328 at MITRE

Description

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 4.96
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial

This issue is currently rated as having low severity.

SUSE Bugzilla entry: 768128 [ASSIGNED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Evergreen 11.4
  • sblim-cim-client2 >= 2.1.3-9.1
  • sblim-cim-client2-javadoc >= 2.1.3-9.1
  • sblim-cim-client2-manual >= 2.1.3-9.1
Patchnames:
2012-13


List of planned updates

The following is the current evaluation of this security issue. It might be neither accurate nor complete. Use at your own risk.
Product(s) Source package
  • SUSE Linux Enterprise Desktop 11 SP1
  • SUSE Linux Enterprise Desktop 11 SP2
  • SUSE Linux Enterprise Desktop 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP4
  • SUSE Linux Enterprise Desktop 12 GA
  • SUSE Linux Enterprise Server 11 SP1
  • SUSE Linux Enterprise Server 11 SP1 LTSS
  • SUSE Linux Enterprise Server 11 SP2
  • SUSE Linux Enterprise Server 11 SP2 LTSS
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP3 LTSS
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Server 12 GA
  • SUSE Linux Enterprise Server for SAP 11 SP2
  • SUSE Linux Enterprise Server for SAP 11 SP3
  • SUSE Linux Enterprise Server for SAP 11 SP4
  • SUSE Linux Enterprise Server for SAP AIO 11 SP1
  • SUSE Linux Enterprise Server for SAP ES 11 SP1
sblim-cim-client2