| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Jul 2012 15:50:58 GMT From: bugreport@...uard.info To: bugtraq@...urityfocus.com Subject: .Net Framework Tilde Character DoS Link: http://soroush.secproject.com/downloadable/iis_tilde_dos.txt Exploit-db link: http://www.exploit-db.com/wp-content/themes/exploit/docs/19527.pdf ---------------------------- Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "The .NET Framework is a software framework developed by Microsoft that runs primarily on Microsoft Windows. It includes a large library and provides language interoperability across several programming languages." (Wikipedia) II. DESCRIPTION --------------------- Vulnerability Research Team discovered a vulnerability in Microsoft .NET Framework. The vulnerability is caused by a tilde character "~" in a Get request, which could allow remote attackers to Deny the functionality of the server. III. AFFECTED PRODUCTS --------------------------- .Net Framework 1.0 Windows XP .Net Framework 1.1 Windows 2003 .Net Framework 2.0 Windows 2003 R2 .Net Framework 3.0 Windows 2008 .Net Framework 3.5 Windows 2008 R2 .Net Framework 4.0 Windows 2008 R2,Windows 7 IV. Binary Analysis & Exploits/PoCs --------------------------------------- In-depth technical analysis of the vulnerability and a functional exploit are available through: http://soroush.secproject.com/blog/2012/06/microsoft-iis-tilde-character-vulnerabilityfeature-short-filefolder-name-disclosure/ V. SOLUTION ---------------- There are still workarounds through Vendor and security vendors. VI. CREDIT -------------- This vulnerability was discovered by: Soroush Dalili (@irsdl) Ali Abbasnejad VII. REFERENCES ---------------------- http://support.microsoft.com/kb/142982/en-us http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/ VIII. DISCLOSURE TIMELINE ----------------------------- 2010-08-01 - Vulnerability Discovered 2010-08-03 - Vendor Informed 2010-12-01 - Vendor 1st Response 2011-01-04 - Vendor 2nd Response (next version fix) 2012-06-29 - Public Disclosure Research Link (More Details): http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
Powered by blists - more mailing lists