Hash collision vulnerability in web servers
A new vulnerability advisory by the security firm n.runs [1] describes how the hash tables that PHP5, Java, ASP.NET and other web platforms use to store request parameters can be attacked with deliberately colliding keys. Because the hash functions are predictable, an attacker can craft a single POST request whose parameters all land in the same bucket, so that parsing it costs the server CPU time quadratic in the number of parameters, leading to a denial of service (DoS) on the web server in question. Microsoft has already responded with an advisory [2] of its own; other vendors are likely to follow.
Updated 2300 UTC: Microsoft published additional information [3] on how to detect and mitigate an attack.
[1] http://www.nruns.com/_downloads/advisory28122011.pdf
[2] http://technet.microsoft.com/en-us/security/advisory/2659883
[3] http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx
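The attack the advisory describes, as an added example that is not part of this diary, the n.runs advisory or any vendor's code. It reimplements the DJBX33A string hash that PHP5 uses for array keys, generates keys that all collide under it, compares the cost of inserting them into a chained hash table with that of benign keys, and shows the two mitigations vendors shipped: capping the number of request parameters (the approach of MS11-100 and, later, of PHP's max_input_vars) and hashing with a secret per-process key. The bucket count, the 1000-parameter cap, the HMAC-based keyed hash and the toy form-body parser are the example's own assumptions.

```python
"""Hash-collision DoS (the class of bug in the n.runs advisory) reproduced in
miniature. Added example, not code from the ISC diary, the advisory or any
vendor. Assumed for illustration: 2**16 buckets, a 1000-parameter cap, an
HMAC-SHA256 keyed hash and a toy x-www-form-urlencoded parser."""

import hashlib
import hmac
import itertools
import os

MASK32 = 0xFFFFFFFF
MAX_INPUT_VARS = 1000  # cap chosen by MS11-100 and later by PHP's max_input_vars


def djbx33a(s: bytes) -> int:
    """DJBX33A (h = h*33 + c): the string hash PHP5 uses for array keys."""
    h = 5381
    for c in s:
        h = (h * 33 + c) & MASK32
    return h


def colliding_keys(n_blocks: int) -> list:
    """Return 2**n_blocks distinct keys that all share one DJBX33A hash.

    b"Ez" and b"FY" collide from any starting state, since 69*33 + 122 ==
    70*33 + 89, so every concatenation of n_blocks such blocks collides too.
    """
    blocks = (b"Ez", b"FY")
    return [b"".join(c) for c in itertools.product(blocks, repeat=n_blocks)]


class ChainedTable:
    """Separate-chaining hash table with a fixed bucket count; counts key
    comparisons so the cost of a long chain is visible."""

    def __init__(self, hashfn=djbx33a, nbuckets=1 << 16):
        self.hashfn = hashfn
        self.buckets = [[] for _ in range(nbuckets)]
        self.comparisons = 0

    def _chain(self, key: bytes) -> list:
        return self.buckets[self.hashfn(key) % len(self.buckets)]

    def insert(self, key: bytes, value: bytes) -> None:
        chain = self._chain(key)
        for i, (k, _) in enumerate(chain):  # walk the chain looking for a duplicate
            self.comparisons += 1
            if k == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

    def get(self, key: bytes):
        for k, v in self._chain(key):
            if k == key:
                return v
        return None


def insert_cost(keys, hashfn=djbx33a) -> int:
    """Key comparisons needed to insert all keys into an empty table."""
    table = ChainedTable(hashfn)
    for k in keys:
        table.insert(k, b"1")
    return table.comparisons


SECRET = os.urandom(16)  # per-process seed the attacker cannot observe


def keyed_hash(s: bytes, key: bytes = SECRET) -> int:
    """Keyed hash: bucket placement depends on a secret, so collisions
    precomputed against DJBX33A scatter across buckets. Real runtimes use a
    fast keyed hash such as SipHash; HMAC-SHA256 is used here only for clarity."""
    return int.from_bytes(hmac.new(key, s, hashlib.sha256).digest()[:4], "big")


def parse_form_body(body: bytes, hashfn=djbx33a, limit=MAX_INPUT_VARS) -> ChainedTable:
    """Toy x-www-form-urlencoded parser (no percent-decoding) that enforces
    the parameter cap before hashing anything, as the vendor fixes do."""
    pairs = [p for p in body.split(b"&") if p]
    if len(pairs) > limit:
        raise ValueError(f"too many form parameters: {len(pairs)} > {limit}")
    table = ChainedTable(hashfn)
    for p in pairs:
        k, _, v = p.partition(b"=")
        table.insert(k, v)
    return table


if __name__ == "__main__":
    evil = colliding_keys(12)  # 4096 distinct keys, one bucket
    benign = [b"field%d" % i for i in range(len(evil))]
    print("benign keys, DJBX33A   :", insert_cost(benign))
    print("colliding keys, DJBX33A:", insert_cost(evil))  # 4096*4095/2 = 8386560
    print("colliding keys, keyed  :", insert_cost(evil, keyed_hash))
    try:
        parse_form_body(b"&".join(k + b"=1" for k in evil))
    except ValueError as e:
        print("rejected:", e)
```

Inserting the 4096 colliding keys costs 4096*4095/2 = 8,386,560 key comparisons against a few dozen for the benign set of the same size; that quadratic term is what an attacker multiplies by sending many such requests in parallel. The parameter cap rejects an oversized request before any hashing happens, which is why it could ship as a quick fix; the keyed hash removes the attacker's ability to precompute collisions at all, which is the longer-term fix.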
Comments
Raymond
Dec 29th 2011
According to the Twitter entry http://mobile.twitter.com/msftsecresponse/status/152252561213231104 the out-of-band update will be for the issue described in the article above.
Ottmar Freudenberger
Dec 29th 2011
See "Advanced Notification for out-of-band release to address Security Advisory 2659883" (http://blogs.technet.com/b/msrc/archive/2011/12/28/advanced-notification-for-out-of-band-release-to-address-security-advisory-2659883.aspx) and "Microsoft releases Security Advisory 2659883, offers workaround for industry-wide issue" (http://blogs.technet.com/b/msrc/archive/2011/12/28/microsoft-releases-security-advisory-2659883-offers-workaround-for-industry-wide-issue.aspx) for more information.
Tobias
Dec 29th 2011
Jonas
Dec 29th 2011
See: http://www.ocert.org/advisories/ocert-2011-003.html (2011-12-28)
PC.Tech
Dec 29th 2011
MS11-100 is now live at http://technet.microsoft.com/en-us/security/bulletin/ms11-100
Microsoft planned ahead with 3 digit bulletin numbers, I hope we never get to 999 in a single year :)
baillard
Dec 29th 2011
Nick
Dec 30th 2011
The patch is required because some web applications might need to manage large amounts of data in POST requests, or at least, large enough to make the attack feasible.
Raul Siles
Dec 30th 2011