SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Generic)  >   ASP.NET
Vendors:   Microsoft
Microsoft ASP.NET Padding Oracle Attack Lets Remote Users Decrypt Data
SecurityTracker Alert ID:  1024459
SecurityTracker URL:  http://securitytracker.com/id/1024459
CVE Reference:   CVE-2010-3332
Updated:  Feb 24 2011
Original Entry Date:  Sep 18 2010
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5 SP1, 4.0; and prior service packs
Description:   A vulnerability was reported in ASP.NET. A remote user can view potentially sensitive information.

A remote user can conduct a padding oracle attack to decrypt data that was encrypted by ASP.NET.

This can be exploited to decrypt the View State cookie parameter to obtain potentially sensitive information. This can also be exploited to view data from files on the target server, such as the 'web.config' file.

A remote user can use the information to form further attacks against the system.

The specific impact depends on the target ASP.NET application.
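An added illustration, not code from this advisory, from Microsoft or from the researchers: a toy CBC decryptor in which a hash-based Feistel permutation stands in for the real block cipher, and all keys and the ViewState-like payload are constructed. cbc_decrypt_unauthenticated shows the vulnerable pattern, a padding check on unauthenticated ciphertext whose failure is distinguishable from success; open_sealed shows the hardened encrypt-then-MAC pattern, a constant-time MAC check before any decryption with every failure collapsed to one generic error.

```python
import hashlib, hmac, secrets
BLOCK = 16
class PaddingError(Exception): pass   # distinct failure: this is the oracle signal
class DecryptError(Exception): pass   # one generic failure, no detail leaks
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt=False):   # 4-round Feistel permutation; stands in for AES
    f = lambda half, i: hashlib.sha256(key + bytes([i]) + half).digest()[:8]
    L, R = blk[:8], blk[8:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        L, R = (_xor(R, f(L, i)), L) if decrypt else (R, _xor(L, f(R, i)))
    return L + R

def cbc_encrypt(key, plaintext):
    n = BLOCK - len(plaintext) % BLOCK          # PKCS#7 padding, always 1..16 bytes
    data, out = plaintext + bytes([n]) * n, b""
    iv = prev = secrets.token_bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        prev = _block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return iv + out

def cbc_decrypt_unauthenticated(key, blob):
    # Vulnerable: padding is checked on unauthenticated ciphertext and its failure is distinguishable (the oracle).
    iv, ct = blob[:BLOCK], blob[BLOCK:]
    if not ct or len(ct) % BLOCK:
        raise DecryptError("bad length")
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(_block(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    n = out[-1]
    if not 1 <= n <= BLOCK or out[-n:] != bytes([n]) * n:
        raise PaddingError("invalid padding")
    return out[:-n]

def seal(enc_key, mac_key, plaintext):          # encrypt-then-MAC over IV || ciphertext
    blob = cbc_encrypt(enc_key, plaintext)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, sealed):
    # Hardened: constant-time MAC check before decrypting; every failure maps to one generic error.
    blob, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, blob, hashlib.sha256).digest(), tag):
        raise DecryptError("rejected")
    try:
        return cbc_decrypt_unauthenticated(enc_key, blob)
    except PaddingError:
        raise DecryptError("rejected")
```

Flipping one bit in a ciphertext block makes the vulnerable decryptor answer with PaddingError while the sealed version answers with the same DecryptError it gives for any other rejection, which is the difference the patch for this advisory removes.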

A demonstration exploit tool is available at:

http://netifera.com/research/

Thai Duong and Juliano Rizzo reported this vulnerability.

Impact:   A remote user can decrypt information, such as the information stored in the View State parameter.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows XP Service Pack 3, Microsoft .NET Framework 2.0 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3d31fd37-eb58-4169-b6b9-4cf854524e46

Windows XP Professional x64 Edition Service Pack 2, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows XP Professional x64 Edition Service Pack 2, Microsoft .NET Framework 2.0 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3d31fd37-eb58-4169-b6b9-4cf854524e46

Windows Server 2003 Service Pack 2, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=71f0daad-e2df-421c-9818-58e1e40cdb65

Windows Server 2003 x64 Edition Service Pack 2, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Server 2003 x64 Edition Service Pack 2, Microsoft .NET Framework 2.0 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3d31fd37-eb58-4169-b6b9-4cf854524e46

Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft .NET Framework 2.0 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3d31fd37-eb58-4169-b6b9-4cf854524e46

Windows Vista Service Pack 1, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Vista Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=7ad59265-9dca-4731-ac09-46c162c1832a

Windows Vista Service Pack 2, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Vista x64 Edition Service Pack 1, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Vista x64 Edition Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=7ad59265-9dca-4731-ac09-46c162c1832a

Windows Vista x64 Edition Service Pack 2, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Server 2008 for 32-bit Systems, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Server 2008 for 32-bit Systems, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=7ad59265-9dca-4731-ac09-46c162c1832a

Windows Server 2008 for 32-bit Systems Service Pack 2, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Server 2008 for x64-based Systems, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Server 2008 for x64-based Systems, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=7ad59265-9dca-4731-ac09-46c162c1832a

Windows Server 2008 for x64-based Systems Service Pack 2, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Server 2008 for Itanium-based Systems, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows Server 2008 for Itanium-based Systems, Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5:

http://www.microsoft.com/downloads/details.aspx?familyid=7ad59265-9dca-4731-ac09-46c162c1832a

Windows Server 2008 for Itanium-based Systems Service Pack 2, Microsoft .NET Framework 1.1 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Windows 7 for 32-bit Systems, Microsoft .NET Framework 3.5.1:

http://www.microsoft.com/downloads/details.aspx?familyid=5e7dcf51-74f1-43cc-aece-0cd5df05ddb7

Windows 7 for x64-based Systems, Microsoft .NET Framework 3.5.1:

http://www.microsoft.com/downloads/details.aspx?familyid=5e7dcf51-74f1-43cc-aece-0cd5df05ddb7

Windows Server 2008 R2 for x64-based Systems, Microsoft .NET Framework 3.5.1:

http://www.microsoft.com/downloads/details.aspx?familyid=5e7dcf51-74f1-43cc-aece-0cd5df05ddb7

Windows Server 2008 R2 for Itanium-based Systems, Microsoft .NET Framework 3.5.1:

http://www.microsoft.com/downloads/details.aspx?familyid=5e7dcf51-74f1-43cc-aece-0cd5df05ddb7

A restart may be required.

On December 14, 2010, Microsoft released new update packages for .NET Framework 4.0 (KB2416472) to correct a setup issue that could interfere with the successful installation of other updates and/or products. Customers that have already successfully updated their systems do not need to take any action.

On February 23, 2010, Microsoft issued a detection change to offer the update packages on systems that have installed Microsoft .NET Framework 4.0 after installing Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems SP1, or Windows Server 2008 R2 for Itanium-based Systems SP1. Customers that have already successfully updated their systems do not need to take any action.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-070.mspx
Cause:   Access control error
Underlying OS:   Windows (2003), Windows (2008), Windows (7), Windows (Vista), Windows (XP)

Message History:   None.


 Source Message Contents

Date:  Sat, 18 Sep 2010 04:46:20 +0000
Subject:  Microsoft ASP.NET


http://www.microsoft.com/technet/security/advisory/2416728.mspx

Microsoft Security Advisory (2416728)

Vulnerability in ASP.NET Could Allow Information Disclosure

CVE-2010-3332
Copyright 2014, SecurityGlobal.net LLC