Update Rushed for Hash Collisions

Wednesday, January 4, 2012 @ 11:01 AM gHale


Microsoft rushed out a security update to resolve a denial-of-service (DoS) issue that affected ASP.NET versions 1.1 and later on all supported variants of the .NET framework.

Quite a few web platforms suffer from the hash collision problem, so Microsoft wanted to react fast to the issue.

RELATED STORIES
Hash Flaw Allows DoS Attacks
Security Holes Threaten Mobile Phones
SCADA Security Alert: Mobile Workers
Breach: More SCADA System Holes

The MS11-100 security bulletin fixes a vulnerability that exists in the way ASP.NET hashes specially crafted requests. The hash collisions that occur when someone inserts malicious data into hash tables could overwhelm a server’s CPU resulting in a DoS condition.

A phishing attack could launch from a hacker using a spoofing vulnerability that verifies return URLs during the form authentication process. By exploiting this flaw, an attacker is able to redirect a user to a malicious website set up to obtain private information.

An authentication bypass vulnerability that exists in ASP.NET forms is more difficult to exploit, but if an attacker manages to register an account on the application and knows the name of the targeted account, he could utilize a special web request to initiate any action, including code execution, using the targeted account.

Also, an authentication ticket caching weakness allows for an attacker to execute arbitrary code due to the way cached content ends up handled by the framework when Forms Authentication sees use with sliding expiry.

Combined with some social engineering, an attacker could send potential victims, ones with elevated privileges, a specially crafted link.



Leave a Reply

You must be logged in to post a comment.