TITLE: Microsoft .NET Framework Multiple Vulnerabilities Criticality level: Moderately critical Impact: Security Bypass, Spoofing, DoS Where: From remote Software: Microsoft .NET Framework 1.x Microsoft .NET Framework 2.x Microsoft .NET Framework 3.x Microsoft .NET Framework 4.x SECUNIA ADVISORY ID: http://secunia.com/advisories/47323/ DESCRIPTION: Four vulnerabilities have been reported in Microsoft .NET Framework, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct spoofing attacks, or bypass certain security restrictions. 1) An error within ASP.NET when hashing form posts and updating a hash table can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in a HTTP POST request. Successful exploitation of this vulnerability requires that a site allows "application/x-www-form-urlencoded" or "multipart/form-data" HTTP content types. 2) An error in the verification of return URLs during the forms authentication process can be exploited to redirect a user to an arbitrary website without the user's knowledge to e.g. conduct phishing attacks. Successful exploitation of this vulnerability requires that "Forms Authentication" is configured per-application to be enabled. 3) An error in the authentication process when handling specially crafted usernames can be exploited to access arbitrary users' accounts to an ASP.NET application via a specially crafted web request. Successful exploitation of this vulnerability requires that "Forms Authentication" is configured per-application to be enabled and that a user can register an account on the ASP.NET application and knows of a target user's account name. 4) An error in the handling of cached content when "Forms Authentication" is used with sliding expiry can be exploited to execute arbitrary commands in context of a target user tricked into following a specially crafted link. Successful exploitation of this vulnerability requires that ASP.NET responses are cached through use of the "OutputCache" directive. SOLUTION: Apply patches. ORIGINAL ADVISORY: MS11-100 (KB2638420, KB2656351, KB2656352, KB2656353, KB2656355, KB2656356, KB2656358, KB2656362, KB2657424): http://technet.microsoft.com/en-us/security/bulletin/MS11-100 n.runs (SA-2011.004): http://www.nruns.com/_downloads/advisory28122011.pdf ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-