Security Activity Bulletin

Multiple Products Hash Collisions Denial of Service Vulnerability

Threat Type: IntelliShield: Applied Mitigation Bulletin
IntelliShield ID: 24871
Version: 17
First Published: 2012 January 04 18:42 GMT
Last Published: 2013 September 20 15:17 GMT
Port: Not available
CVE: CVE-2011-4461, CVE-2011-4815, CVE-2011-4885, CVE-2012-0193, CVE-2012-0841
BugTraq ID: 51193, 51198, 51199
Urgency: Unlikely Use
Credibility: Confirmed
Severity: Mild Damage

Version Summary: Apple has released an additional security advisory and updated software to address the multiple products hash collisions denial of service vulnerability.

Description
 
Multiple products contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an implementation flaw in the code that handles hashing in the affected products. A hash table stores user-supplied input at positions computed from a hash of each key, so that a given record can be located with minimal overhead. A good hash function spreads distinct inputs across distinct locations while calculating where each entry belongs. However, most implementations do not include mechanisms such as randomized hash functions, so the mapping from input to location is fixed and predictable, and the table has no way to avoid a large number of collisions when many string patterns hash to the same value.

An unauthenticated, remote attacker could exploit the vulnerability by submitting malicious HTTP POST requests to a vulnerable application that contain a sequence of string patterns with identical hash values. Processing these requests introduces many hash collisions, and the algorithmic complexity of adding an item to the hash table could increase significantly. The increased complexity could consume excessive system resources, leading to a DoS condition on the system.
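As an added illustration (example code written for this page, not from the bulletin or from any of the affected products), the following Python script builds a small separate-chaining hash table, first with a deterministic unkeyed toy hash and then with a randomized keyed hash, and counts the key comparisons needed to insert 2000 constructed keys that all collide under the toy hash. It also models the request-side bound a server can apply: rejecting a form body that carries more parameters than a configured cap before any of them is hashed. The toy hash, the constructed anagram keys, and the 1000-parameter cap are all assumptions made for the demonstration, not values taken from the bulletin.

```python
import hashlib
import itertools
import os
from typing import Callable, List


class ChainedTable:
    """Toy separate-chaining hash table with a pluggable hash function.

    It counts key comparisons so the cost of building the table from a given
    key set can be measured: one comparison per existing entry in the bucket
    chain on each insert.
    """

    def __init__(self, hash_fn: Callable[[str], int], nbuckets: int = 1024) -> None:
        self.hash_fn = hash_fn
        self.buckets: List[List[List[object]]] = [[] for _ in range(nbuckets)]
        self.comparisons = 0

    def insert(self, key: str, value: object) -> None:
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for entry in chain:
            self.comparisons += 1
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])


def weak_hash(key: str) -> int:
    """Deterministic, unkeyed toy hash (sum of byte values), assumed for the demo.

    It is order-insensitive, so every permutation of a string collides. It
    stands in for the unrandomized string hashes the bulletin describes; it is
    not any product's actual hash function.
    """
    return sum(key.encode("utf-8"))


def make_keyed_hash(seed: bytes) -> Callable[[str], int]:
    """Randomized hash: with a per-process secret seed the same keys land in
    unpredictable buckets, so a key set prepared in advance cannot target one chain."""

    def keyed_hash(key: str) -> int:
        digest = hashlib.blake2b(key.encode("utf-8"), key=seed, digest_size=8).digest()
        return int.from_bytes(digest, "big")

    return keyed_hash


def permutation_keys(n: int, alphabet: str = "abcdefgh") -> List[str]:
    """Constructed sample input: n distinct anagrams, which all share one weak_hash value."""
    return ["".join(p) for p in itertools.islice(itertools.permutations(alphabet), n)]


def insertion_cost(hash_fn: Callable[[str], int], keys: List[str]) -> int:
    """Build a table from keys and return the number of key comparisons spent."""
    table = ChainedTable(hash_fn)
    for k in keys:
        table.insert(k, None)
    return table.comparisons


def parse_form(body: str, max_params: int = 1000) -> dict:
    """Parse an application/x-www-form-urlencoded body, refusing requests that
    carry more than max_params pairs before any of them is hashed.

    The cap is a defensive bound modelled here; the limit value is an assumption.
    """
    pairs = [p for p in body.split("&") if p] if body else []
    if len(pairs) > max_params:
        raise ValueError(f"too many form parameters: {len(pairs)} > {max_params}")
    params = {}
    for pair in pairs:
        name, _, value = pair.partition("=")
        params[name] = value
    return params


if __name__ == "__main__":
    keys = permutation_keys(2000)
    weak_cost = insertion_cost(weak_hash, keys)              # 1999000: every insert walks the whole chain
    keyed_cost = insertion_cost(make_keyed_hash(os.urandom(16)), keys)
    print(f"unkeyed hash, 2000 colliding keys: {weak_cost} comparisons")
    print(f"randomized hash, same keys:        {keyed_cost} comparisons")
    body = "&".join(f"{k}=1" for k in keys)
    try:
        parse_form(body, max_params=1000)
    except ValueError as exc:
        print(f"request rejected up front: {exc}")
```

With the unkeyed hash the 2000 colliding keys cost 1,999,000 comparisons (the quadratic n(n-1)/2 growth the description refers to), while the keyed hash spreads the same keys over the 1024 buckets and needs only about two thousand. The keyed hash is the randomized-hash mechanism the description says most implementations lacked; the parameter cap is a separate, simpler bound that stops an oversized request before the table is touched at all.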

The following products are vulnerable:
  • Apache Tomcat versions prior to 5.5.35, 6.0.35, and 7.0.23
  • Microsoft .NET Framework versions 1.1 SP1 and prior, versions 2.0 SP2 and prior, versions 3.5 SP1 and prior, and version 4
  • Jetty versions 8.1.0.RC2 and prior
  • Libxml2 versions 2.7.8 and prior
  • Oracle GlassFish versions 3.1.1 and prior
  • PHP versions 5.3.8 and prior
  • Ruby versions 1.8.7-p352 and prior
Apache has confirmed the vulnerability in the svn repository. Reports indicate patches are under development and will be released soon.

Microsoft has released a security bulletin at the following link: MS11-100. Microsoft customers can obtain updates directly by using the links in the security bulletin. These updates are also distributed by Windows automatic update features and available on the Windows Update website. Microsoft Windows Server Update Services (WSUS), Systems Management Server, and System Center Configuration Manager can assist administrators in deploying software updates.

Oracle has released a security advisory at the following link: CVE-2011-4815. Oracle has released patches for registered users at the following link: Solaris 11 11/11 SRU 6.6.

Ruby has released a security announcement at the following link: Denial of service attack was found for Ruby's Hash algorithm (CVE-2011-4815). Ruby has released updated software at the following link: Ruby 1.8.7-p357.

Apple has released security advisories at the following links: HT5281 and HT5934.

Apple has released updated software at the following links:

OS X Lion Update 10.7.4 (Client)
OS X Lion Update 10.7.4 (Server)

Apple has released software updates, which are available through iTunes or Software Update on devices running Apple iOS.

CentOS packages can be updated using the up2date or yum command.


FreeBSD has released VuXML documents at the following links: php -- multiple vulnerabilities and Multiple implementations denial-of-service via hash algorithm collision

FreeBSD releases ports collection updates at the following link: Ports Collection Index

HP has released security bulletins c03127140, c03281867, and c03360041 at the following links: HPSBMU02736 SSRT100699, HPSBOV02763 SSRT100826, and HPSBMU02786 SSRT100877.

HP users are advised to follow the mitigation steps in the vendor advisory.

HP has released updated software at the following links:

OpenVMS
CSWS_PHP Version 2.2-1

HP System Management Homepage 7.1.1 for Windows x64
HP System Management Homepage 7.1.1 for Windows x86
HP System Management Homepage 7.1.1 for Linux (AMD64/EM64T)
HP System Management Homepage 7.1.1 for Linux (x86)

IBM has released security bulletins at the following links: swg24031821 and swg21577532.

IBM has released fixes at the following link: IBM WebSphere Application Server

Red Hat has released security advisories at the following links: RHSA-2012:0019, RHSA-2012:0033, RHSA-2012:0069, RHSA-2012:0070, RHSA-2012:0071, RHSA-2012:0324, RHSA-2012:1604, RHSA-2012:1605, RHSA-2012:1606, and RHSA-2013:0217.

Red Hat packages can be updated using the up2date or yum command.


Red Hat has released updated packages for registered users at the following links:

Fuse ESB Enterprise 7.1.0 update
Fuse MQ Enterprise 7.1.0 update
Fuse Management Console 7.1.0 update

VMware has released security advisories at the following links: VMSA-2012-0012 and VMSA-2012-0013.

VMware has released updated software at the following links:

ESXi 5.0
ESXi500-201207101-SG

ESX 4.1
ESX410-201208102-SG

VMware has notified customers that updated patches are pending for ESXi versions 4.1 and prior.
 
Alert History
 

Version 16, February 1, 2013, 3:56 PM: Red Hat has released an additional security advisory and updated packages to address multiple products hash collisions denial of service vulnerability. CentOS has also released updated packages to address this vulnerability.

Version 15, December 21, 2012, 6:20 AM: Red Hat has released additional security advisories and updated packages to address multiple products hash collisions denial of service vulnerability.

Version 14, September 4, 2012, 2:15 PM: VMware has released an additional security advisory and updated patches to address the hash collisions denial of service vulnerability found in multiple products.

Version 13, July 17, 2012, 11:35 AM: VMware has released a security advisory and updated patches to address the hash collisions denial of service vulnerability found in multiple products.

Version 12, June 29, 2012, 9:23 AM: HP has released an additional security bulletin and updated software to address the hash collisions denial of service vulnerability found in multiple products.

Version 11, May 10, 2012, 10:10 AM: Apple has released a security advisory and updated software to address the multiple products hash collisions denial of service vulnerability.

Version 10, April 20, 2012, 11:45 AM: Oracle has released a security advisory and patches to address multiple products hash collisions denial of service vulnerability.

Version 9, April 17, 2012, 1:58 PM: HP has released an additional security bulletin and updated software to address multiple products hash collisions denial of service vulnerability.

Version 8, February 24, 2012, 10:54 AM: Red Hat has released additional security advisories and updated packages to address multiple products hash collisions denial of service vulnerability. CentOS has also released updated packages to address this vulnerability.

Version 7, February 7, 2012, 10:34 AM: HP has released a security bulletin to address the multiple products hash collisions denial of service vulnerability.

Version 6, January 31, 2012, 10:54 AM: Red Hat has released additional security advisories and updated packages to address multiple products hash collisions denial of service vulnerability. CentOS has also released updated packages to address this vulnerability.

Version 5, January 23, 2012, 3:11 PM: IBM has released a flash alert and fixes to address the multiple products hash collisions denial of service vulnerability.

Version 4, January 19, 2012, 1:51 PM: Red Hat has released an additional security advisory and updated packages to address the multiple products hash collisions denial of service vulnerability. CentOS has also released updated packages to address this vulnerability.

Version 3, January 17, 2012, 6:08 PM: FreeBSD has released an additional VuXML document and updated ports collection to address the multiple products hash collisions denial of service vulnerability.

Version 2, January 12, 2012, 11:26 AM: FreeBSD has released a VuXML document and updated ports collection to address the multiple products hash collisions denial of service vulnerability. Red Hat and CentOS have also released a security advisory and updated packages to address this vulnerability.

Version 1, January 4, 2012, 1:42 PM: Multiple products contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are available.


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
Microsoft, Inc.: .NET Framework 1.0 Base, SP1, SP2, SP3 | 2.0 Base, SP1, SP2 | 3.5 Base, SP1 | 4.0 Base
Mort Bay Consulting: Jetty 6.1 Base, .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11, .12, .13, .14, .15, .16 | 7 Base
php: php 5.3.0 Base | 5.3.1 Base | 5.3.2 Base | 5.3.3 Base | 5.3.4 Base | 5.3.5 Base | 5.3.6 Base | 5.3.7 Base | 5.3.8 Base
Sun Microsystems, Inc.: Sun GlassFish Enterprise Server 3.0 Base, .1 | 3.1 Base, .1
The Jakarta Project: Tomcat Java Server 5.5.0 Base | 5.5.1 Base | 5.5.2 Base | 5.5.3 Base | 5.5.4 Base | 5.5.5 Base | 5.5.6 Base | 5.5.7 Base | 5.5.8 Base | 5.5.9 Base | 5.5.10 Base | 5.5.11 Base | 5.5.12 Base | 5.5.13 Base | 5.5.14 Base | 5.5.15 Base | 5.5.16 Base | 5.5.17 Base | 5.5.18 Base | 5.5.19 Base | 5.5.20 Base | 5.5.21 Base | 5.5.22 Base | 5.5.23 Base | 5.5.24 Base | 5.5.25 Base | 5.5.26 Base | 5.5.27 Base | 5.5.28 Base | 5.5.29 Base | 5.5.30 Base | 5.5.31 Base | 5.5.32 Base | 5.5.33 Base | 5.5.34 Base | 6.0.0 Base | 6.0.1 Base | 6.0.2 Base | 6.0.3 Base | 6.0.4 Base | 6.0.5 Base | 6.0.6 Base | 6.0.7 Base | 6.0.8 Base | 6.0.9 Base | 6.0.10 Base | 6.0.11 Base | 6.0.12 Base | 6.0.13 Base | 6.0.14 Base | 6.0.15 Base | 6.0.16 Base | 6.0.18 Base | 6.0.19 Base | 6.0.20 Base | 6.0.21 Base | 6.0.22 Base | 6.0.23 Base | 6.0.24 Base | 6.0.25 Base | 6.0.26 Base | 6.0.27 Base | 6.0.28 Base | 6.0.29 Base | 6.0.30 Base | 6.0.31 Base | 6.0.32 Base | 6.0.33 Base | 6.0.34 Base | 6.1.0 Base | 7.0 .0, .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .20, .21, .22
xmlsoft.org: libxml2 2.5 .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11 | 2.6 .0, .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .20, .21, .22, .23, .24, .25, .26, .27, .28, .29, .30, .31, .32 | 2.7 .0, .1, .2, .3, .4, .5, .6, .7, .8
Yukihiro Matsumoto: Ruby 1.8 .6-p398, .6-p420, .7, .7-p17, .7-p21, .7-p22, .7-p71, .7-p72, .7-p160, .7-p248, .7-p249, .7-p299, .7-p302, .7-p330, .7-p334, .7-p352

Associated Products:
Apple: iOS 4.0 Base, .1, .2 | 4.1 Base | 4.2 Base, .1, .5, .6, .7, .8, .9 | 4.3 Base, .1, .2, .3, .4, .5 | 5.0 Base | 5.1 Base | 6.0 Base | 6.1 Base, .1, .2, .3
Apple: Mac OS X 10.7 Base | 10.7.1 Base | 10.7.2 Base | 10.7.3 Base
Apple: Mac OS X Server 10.7 Base | 10.7.1 Base | 10.7.2 Base | 10.7.3 Base
CentOS Project: CentOS 4 .0 i386, .0 x86_64, .1 i386, .1 x86_64, .2 i386, .2 x86_64, .3 i386, .3 x86_64, .4 i386, .4 x86_64, .5 i386, .5 x86_64, .6 i386, .6 x86_64, .7 i386, .7 x86_64 | 5 .0 i386, .0 x86_64, .1 i386, .1 x86_64, .2 i386, .2 x86_64, .3 i386, .3 x86_64, .4 i386, .4 x86_64, .5 i386, .5 x86_64 | 6 .0 i386, .0 x86_64, .1 i386, .1 x86_64, .2 i386, .2 x86_64
FreeBSD Project: FreeBSD 6.3 Base | 6.4 Base | 7.0 Base | 7.1 Base | 7.2 Base | 7.3 Base | 7.4 Base | 8.0 Base | 8.1 Base | 8.2 Base | 9.0 Base
HP: Business Availability Center 8.0 Base | 8.01 Base | 8.02 Base | 8.03 Base | 8.04 Base | 8.05 Base | 8.06 Base | 8.07 Base
HP: Business Service Management 9.00 Base | 9.01 Base | 9.10 Base | 9.11 Base | 9.12 Base
HP: Secure Web Server (SWS) for OpenVMS Itanium 2.1-1 | 2.20 Base
HP: Secure Web Server (SWS) for OpenVMS Alpha 2.1-1 | 2.20 Base
HP: System Management Homepage (SMH) 6.0.0 Base | 6.1 Base | 6.2 Base | 7.0 Base | 7.1 Base
IBM: WebSphere Application Server 6.0 Base, .0.2, .0.3, .1, .1.1, .1.2, .2, .2.1, .2.2, .2.3, .2.4, .2.5, .2.6, .2.7, .2.8, .2.9, .2.11, .2.13, .2.15, .2.17, .2.18, .2.19, .2.20, .2.21, .2.23, .2.25, .2.27, .2.29, .2.31, .2.33, .2.34, .2.35, .2.37, .2.38, .2.39, .2.40, .2.41, .2.42 | 6.1 .0, .0.1, .0.2, .0.3, .0.4, .0.5, .0.6, .0.7, .0.8, .0.9, .0.10, .0.11, .0.12, .0.13, .0.14, .0.15, .0.17, .0.19, .0.21, .0.23, .0.25, .0.28, .0.29, .0.30, .0.31, .0.33, .0.35, .0.37, .0.39, .0.40, .0.41 | 7.0 .0.0, .0.1, .0.3, .0.5, .0.6, .0.7, .0.8, .0.10, .0.9, .0.11, .0.13, .0.15, .0.17, .0.18, .0.19 | 8.0 Base
Oracle Corporation: Solaris Express 11 2010.11
Red Hat, Inc.: Fuse ESB Enterprise 7.0 Base, .2
Red Hat, Inc.: Fuse Management Console 1.0 Base, .2
Red Hat, Inc.: Fuse MQ Enterprise 7.0 Base, .2
Red Hat, Inc.: Red Hat Desktop 4 IA-32, x86_64
Red Hat, Inc.: Red Hat Enterprise Linux 5 IA-32, IA-64, PPC, ppc64, s390, s390x, x86_64
Red Hat, Inc.: Red Hat Enterprise Linux Server AUS 6.2 IA-32, x86_64
Red Hat, Inc.: Red Hat Enterprise Linux Advanced Server 4 IA-32, IA-64, x86_64, PPC, ppc64, s390, s390x
Red Hat, Inc.: Red Hat Enterprise Linux Desktop 5 IA-32, x86_64 | 6 IA-32, x86_64
Red Hat, Inc.: Red Hat Enterprise Linux Desktop Workstation 5 IA-32, x86_64
Red Hat, Inc.: Red Hat Enterprise Linux Enterprise Server 4 IA-32, IA-64, x86_64
Red Hat, Inc.: Red Hat Enterprise Linux HPC Node 6 x86_64
Red Hat, Inc.: Red Hat Enterprise Linux Server 6 IA-32, PPC, PPC64, s390, s390x, x86_64
Red Hat, Inc.: Red Hat Enterprise Linux Server EUS 6.2.z IA-32, PPC, PPC64, s390, s390x, x86_64
Red Hat, Inc.: Red Hat Enterprise Linux Workstation 4 IA-32, IA-64, x86_64 | 6 IA-32, x86_64
VMware, Inc.: VMware ESX Server 4.0 Base | 4.1 Base
VMware, Inc.: VMware ESXi 3.5 Base, Update 1, Update 2, Update 3, Update 4 | 4.0 Base | 4.1 Base | 5.0 Base




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield