Multiple Programming Language Implementations Vulnerable to

Posted: Wed Dec 28, 2011 7:45 pm
by admin
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

Original release date: December 28, 2011 at 1:04 pm
Last revised: December 28, 2011 at 1:04 pm


US-CERT is aware of reports stating that multiple programming language
implementations, including web platforms, are vulnerable to hash table
collision attacks. This vulnerability could be used by an attacker to
launch a denial-of-service attack against websites using affected
products.

The Ruby Security Team has updated Ruby 1.8.7. The Ruby 1.9 series is
not affected by this attack. Additional information can be found in
the Ruby 1.8.7 patchlevel 357 release notes.

Microsoft has released a security advisory for ASP.NET containing a
workaround. Additional information can be found in Microsoft Security
Advisory 2659883.

More information regarding this vulnerability can be found in US-CERT
Vulnerability Note VU#903934 and n.runs Security Advisory
n.runs-SA-2011.004.

US-CERT will provide additional information as it becomes available.

Relevant URL(s):
<http://www.ruby-forum.com/topic/3312298>

<http://www.nruns.com/_downloads/advisory28122011.pdf>

<http://technet.microsoft.com/en-us/security/advisory/2659883>

<http://www.kb.cert.org/vuls/id/903934>

====
This entry is available at
http://www.us-cert.gov/current/index.ht ... le_to_hash