[PCWorks] Microsoft .NET Framework Multiple Vulnerabilities
- From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
- Date: Sat, 31 Dec 2011 08:51:00 -0600
TITLE:
Microsoft .NET Framework Multiple Vulnerabilities
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing, DoS
Where: From remote
Software:
Microsoft .NET Framework 1.x
Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x
SECUNIA ADVISORY ID:
http://secunia.com/advisories/47323/
DESCRIPTION:
Four vulnerabilities have been reported in Microsoft .NET
Framework,
which can be exploited by malicious people to cause a DoS
(Denial of
Service), conduct spoofing attacks, or bypass certain security
restrictions.
1) An error within ASP.NET when hashing form posts and updating
a
hash table can be exploited to cause a hash collision resulting
in
high CPU consumption via a specially crafted form sent in a
HTTP
POST request.
Successful exploitation of this vulnerability requires that a
site
allows "application/x-www-form-urlencoded" or
"multipart/form-data"
HTTP content types.
2) An error in the verification of return URLs during the forms
authentication process can be exploited to redirect a user to
an
arbitrary website without the user's knowledge to e.g. conduct
phishing attacks.
Successful exploitation of this vulnerability requires that
"Forms
Authentication" is configured per-application to be enabled.
3) An error in the authentication process when handling
specially
crafted usernames can be exploited to access arbitrary users'
accounts to an ASP.NET application via a specially crafted web
request.
Successful exploitation of this vulnerability requires that
"Forms
Authentication" is configured per-application to be enabled and
that
a user can register an account on the ASP.NET application and
knows
of a target user's account name.
4) An error in the handling of cached content when "Forms
Authentication" is used with sliding expiry can be exploited to
execute arbitrary commands in context of a target user tricked
into
following a specially crafted link.
Successful exploitation of this vulnerability requires that
ASP.NET
responses are cached through use of the "OutputCache"
directive.
SOLUTION:
Apply patches.
ORIGINAL ADVISORY:
MS11-100 (KB2638420, KB2656351, KB2656352, KB2656353,
KB2656355,
KB2656356, KB2656358, KB2656362, KB2657424):
http://technet.microsoft.com/en-us/security/bulletin/MS11-100
n.runs (SA-2011.004):
http://www.nruns.com/_downloads/advisory28122011.pdf
=========================
The list's FAQ's can be seen by sending an email to
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.
To unsubscribe, subscribe, set Digest or Vacation to on or off, go to
//www.freelists.org/list/pcworks . You can also send an email to
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your
member list settings can be found at
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have
access to numerous other email options.
The list archives are located at //www.freelists.org/archives/pcworks/ .
All email posted to the list will be placed there in the event anyone needs to
look for previous posts.
-zxdjhu-
Other related posts:
