CERT RENATER
Contact us
- Email: cert@support.renater.fr
- Web: CERT pages
- Phone: 01.53.94.20.44
- Fax: 01.53.94.20.31
====================================================================
                          CERT-Renater

              Information Note No. 2011/VULN677
_____________________________________________________________________

DATE                : 29/12/2011

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Hash table implementations.

======================================================================
http://www.kb.cert.org/vuls/id/903934
______________________________________________________________________

Vulnerability Note VU#903934

Hash table implementations vulnerable to algorithmic complexity attacks

Overview

Some programming language implementations do not sufficiently randomize
their hash functions or provide means to limit key collision attacks,
which can be leveraged by an unauthenticated attacker to cause a
denial-of-service (DoS) condition.

I. Description

Many applications, including common web framework implementations, use
hash tables to map key values to associated entries. If the hash table
contains entries for different keys that map to the same hash value, a
hash collision occurs and additional processing is required to determine
which entry is appropriate for the key. If an attacker can generate many
requests containing colliding key values, an application performing the
hash table lookup may enter a denial of service condition.

Hash collision denial-of-service attacks were first detailed in 2003,
but recent research details how these attacks apply to modern language
hash table implementations.

II. Impact

An application can be forced into a denial-of-service condition. In the
case of some web application servers, specially-crafted POST form data
may result in a denial-of-service.

III. Solution

Apply an update

Please review the Vendor Information section of this document for
vendor-specific patch and workaround details.

Limit CPU time

Limiting the processing time for a single request can help minimize the
impact of malicious requests.
Limit maximum POST size

Limiting the maximum POST request size can reduce the number of possible
predictable collisions, thus reducing the impact of an attack.

Limit maximum request parameters

Some servers offer the option to limit the number of parameters per
request, which can also minimize impact.

Vendor Information

Vendor                  Status     Date Notified   Date Updated
Adobe                   Unknown    2011-11-01      2011-11-01
Apache Tomcat           Affected   -               2011-12-28
IBM Corporation         Unknown    2011-11-01      2011-11-01
Microsoft Corporation   Affected   2011-11-01      2011-12-28
Oracle Corporation      Unknown    2011-11-01      2011-11-01
Ruby                    Affected   2011-11-01      2011-12-28
The PHP Group           Affected   -               2011-12-28

References

http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf

Credit

Thanks to Alexander Klink and Julian Wälde for reporting these
vulnerabilities.

This document was written by Jared Allar and David Warren.

Other Information

Date Public:               2011-12-28
Date First Published:      2011-12-28
Date Last Updated:         2011-12-28
CERT Advisory:
CVE-ID(s):                 CVE-2011-4815 CVE-2011-3414
NVD-ID(s):                 CVE-2011-4815 CVE-2011-3414
US-CERT Technical Alerts:
Severity Metric:           10,80
Document Revision:         17

If you have feedback, comments, or additional information about this
vulnerability, please send us email.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================