lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 11 Dec 2003 19:58:17 +0200
From: Amit Klein <Amit.Klein@...ctumInc.com>
To: BugTraq@...urityFocus.com, news@...uriteam.com
Subject: Multiple vendor SOAP server (XML parser) denial of service (DTD parameter
 entities)


///////////////////////////////////////////////////////////////////////////////
//==========================>> Security Advisory 
<<==========================//
///////////////////////////////////////////////////////////////////////////////

--------------------------------------------------------------------------------
-----[ Multiple vendor SOAP server (XML parser) denial of service
                       (DTD parameter entities)
--------------------------------------------------------------------------------

--[ Author: Amit Klein, Sanctum inc. http://www.SanctumInc.com

--[ Vendors alerted: August 28th, 2003

--[ Release Date: December 11th, 2003

--[ Product:
 
IBM WebSphere 5.0.0 (even when patched with "old" PQ70921)

Microsoft ASP.NET Web Services (.NET framework 1.0, .NET framework 1.1)

... And probably other products which use XML parsers
 
--[ Severity: High

--[ CVE: N/A

--[ Description

The DTD part of the XML document enables the document to define parameter
entities, which are used (only) inside the DTD as a shortname for repeating
DTD definitions. An attacker can send a specially crafted SOAP request, 
which
makes use of parameter entities to inflict a denial of service condition on
the server. In some cases, the parser returns an out of memory error 
after a long while.
In some other cases, the CPU load remains stable at 100% for as long as 
the process
keeps running. Another effect is that memory (hundreds of megabytes) was 
not freed
even when the CPU load dropped and a response was issued.

--[ Solution

IBM WebSPhere 5.0.0 - IBM has released a new version of PQ70921 Which 
can be found in
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q=PQ70921&uid=swg24005582
Apply the new patch PQ70921 (even if it was applied earlier).

Microsoft ASP.NET Web Services - Microsoft has released an update to the 
.NET Framework.
It is documented in Knowledge Base article 826231, at the following URL:
http://support.microsoft.com/default.aspx?kbid=826231

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ