Title: OpenBSD carp_proto_input_c CARP Hash Modification DoS
Info
Disclosure: Dec 18, 2010
Discovery: Unknown
Dates
Exploit: Dec 18, 2010
Solution: Unknown
Description
OpenBSD contains a flaw that may allow a remote denial of service. When calculating the SHA1 HMAC of a packet in the 'carp_proto_input_c' function, the CARP implementation fails to include all fields contained in the 'carp_header' structure. This allows an attacker to force all CARP nodes to assume the backup role, resulting in a denial of service.
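
An added example, not taken from OpenBSD or from this entry: a field-coverage check that a maintainer could run against a packet authentication routine to find header fields the HMAC does not bind. The header layout, field names, key and the choice of omitted fields are constructed for illustration and are not the real 'carp_header'.

```python
import hashlib
import hmac
import struct

# Constructed, simplified header. NOT the real carp_header layout.
FIELDS = ("version", "vhid", "priority", "interval", "counter")
FMT = "!BBBBQ"  # four 1-byte fields and one 8-byte counter

def pack(hdr):
    """Serialize every header field in wire order."""
    return struct.pack(FMT, *(hdr[f] for f in FIELDS))

def mac_partial(key, hdr):
    """Flawed pattern: only some fields are fed to the HMAC.
    Which fields are left out here is an assumption for the example."""
    data = struct.pack("!BBQ", hdr["version"], hdr["vhid"], hdr["counter"])
    return hmac.new(key, data, hashlib.sha1).digest()

def mac_full(key, hdr):
    """Hardened pattern: the HMAC covers the whole serialized header."""
    return hmac.new(key, pack(hdr), hashlib.sha1).digest()

def unauthenticated_fields(mac_fn, key, hdr):
    """Return the fields that can change without invalidating the MAC."""
    tag = mac_fn(key, hdr)
    missed = []
    for name in FIELDS:
        changed = dict(hdr)
        changed[name] = hdr[name] ^ 1  # flip one bit in this field only
        if hmac.compare_digest(mac_fn(key, changed), tag):
            missed.append(name)
    return missed

# Constructed sample values.
KEY = b"constructed-test-key"
SAMPLE = {"version": 2, "vhid": 1, "priority": 100, "interval": 1, "counter": 42}

if __name__ == "__main__":
    print("partial:", unauthenticated_fields(mac_partial, KEY, SAMPLE))
    print("full:   ", unauthenticated_fields(mac_full, KEY, SAMPLE))
```

Run as a regression test, a non-empty result means a receiver would accept a packet whose listed fields were altered in transit.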
Classification
Location: Remote / Network Access
Attack Type: Cryptographic, Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
Solution
It has been reported that this issue has been fixed. Upgrade to the latest version to address this vulnerability.