Bug 739119 - (CVE-2012-3543) VUL-1: CVE-2012-3543: mono-web: hash collision denial of service attacks in ASP.net
(CVE-2012-3543)
VUL-1: CVE-2012-3543: mono-web: hash collision denial of service attacks in A...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P4 - Low : Major
: ---
Assigned To: Security Team bot
Security Team bot
maint:running:62324:moderate maint:re...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-01-02 10:00 UTC by Marcus Meissner
Modified: 2016-12-02 13:16 UTC (History)
9 users (show)

See Also:
Found By: Third Party Developer/Partner
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Patch for mono master (7.76 KB, patch)
2012-07-25 13:05 UTC, Jérémie LAVAL
Details | Diff
Patch for mono 2-10 (7.76 KB, patch)
2012-07-25 13:06 UTC, Jérémie LAVAL
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2012-01-02 10:00:22 UTC
is public via CVE diff.

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

Reference: CERT-VN: http://www.kb.cert.org/vuls/id/903934
Reference: MISC: http://www.ocert.org/advisories/ocert-2011-003.html
Reference: MISC: http://www.nruns.com/_downloads/advisory28122011.pdf
Reference: MS: http://technet.microsoft.com/security/bulletin/MS11-100


I have not yet cross checked if it affects Mono ASP.NET, but I guess it does.
Comment 1 Swamp Workflow Management 2012-01-02 23:00:12 UTC
bugbot adjusting priority
Comment 2 Marcus Meissner 2012-07-04 08:31:42 UTC
Dobrin, here is another mono issue (perhaps), but of low severity
Comment 3 Jérémie LAVAL 2012-07-25 13:05:45 UTC
Created attachment 499891 [details]
Patch for mono master
Comment 4 Jérémie LAVAL 2012-07-25 13:06:09 UTC
Created attachment 499892 [details]
Patch for mono 2-10
Comment 5 Jérémie LAVAL 2012-07-25 13:06:55 UTC
On behalf of Marek Habersack:

The attached patches fix the vulnerability - contact us at support@xamarin.com if you have any follow-up questions. The fix was committed to the following Mono branches:

master:
        2ab1a051058fee5ea3aec2e071fba7000b693488
        c3e088bf2fc22d66d0f17b74676de366f661c3eb

mono-2-10:
        04245de5c480db5dff5983467f7a8606f1321ed6
        049bb49f1c5b650166de2a266bc1879c5def0190
Comment 6 Marcus Meissner 2012-07-25 14:18:22 UTC
thank yoU!

reopen for tracking... reassign to me for package building when needed
Comment 7 Marcus Meissner 2012-08-28 15:12:50 UTC
-> orphaned.

please incldue in current mono-core update too.
Comment 9 Marcus Meissner 2012-08-28 15:20:19 UTC
cve requested
Comment 10 Sebastian Krahmer 2012-08-29 06:28:05 UTC
CVE-2012-3543
Comment 11 Reinhard Max 2012-12-10 09:52:23 UTC
(In reply to comment #7)

> please incldue in current mono-core update too.

I am not aware of another current mono-core update.
Comment 12 Thomas Biege 2012-12-10 16:36:33 UTC
I assume MArcus pointed to https://swamp.suse.de/webswamp/swamp/template/DisplayWorkflow.vm/workflowid/48165 which is already done. :-\
Comment 13 Marcus Meissner 2015-11-04 15:34:27 UTC
(so far was not released)
Comment 14 Swamp Workflow Management 2015-11-04 16:19:38 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-11-11.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62324
Comment 15 Reinhard Max 2015-11-12 17:09:12 UTC
None of the patches provided above seems to apply to any of the Mono versions we have on SLE-10-SP3, SLE-11-SP0 and SLE-11-SP2.
Comment 18 Swamp Workflow Management 2015-12-18 09:17:50 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-01-01.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62382
Comment 24 Andreas Stieger 2016-01-21 12:00:33 UTC
Hello Reinhard, please review these proposed patches.

You will also find them building in ibs:
home:AndreasStieger:branches:OBS_Maintained:mono-core
Comment 25 Reinhard Max 2016-01-21 15:47:10 UTC
submitted
Comment 28 Swamp Workflow Management 2016-01-27 15:12:19 UTC
SUSE-SU-2016:0257-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 739119,958097
CVE References: CVE-2009-0689,CVE-2012-3543
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mono-core-2.6.7-0.16.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    mono-core-2.6.7-0.16.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    mono-core-2.6.7-0.16.1
SUSE Linux Enterprise Server 11-SP4 (src):    mono-core-2.6.7-0.16.1
SUSE Linux Enterprise Server 11-SP3 (src):    mono-core-2.6.7-0.16.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    mono-core-2.6.7-0.16.1
Comment 29 Swamp Workflow Management 2016-12-01 13:07:49 UTC
SUSE-SU-2016:2958-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 739119,958097
CVE References: CVE-2009-0689,CVE-2012-3543
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mono-core-2.6.7-0.18.1
SUSE Linux Enterprise Server 11-SP4 (src):    mono-core-2.6.7-0.18.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    mono-core-2.6.7-0.18.1