---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: ASP.NET ViewState Denial of Service and Security Bypass SECUNIA ADVISORY ID: SA15241 VERIFY ADVISORY: http://secunia.com/advisories/15241/ CRITICAL: Less critical IMPACT: Security Bypass, DoS WHERE: >From remote SOFTWARE: ASP.NET 1.x http://secunia.com/product/2173/ DESCRIPTION: Michal Zalewski has reported two vulnerabilities in ASP.NET, which can be exploited by malicious people to cause a DoS (Denial of Service) and bypass certain security restrictions. 1) An error in the parsing of the base64 encoded "__VIEWSTATE" attribute used by the ViewState functionality can be exploited to cause a vulnerable server to consume a large amount of resources by sending a request with a specially crafted, deeply nested structure for the "__VIEWSTATE" attribute. Successful exploitation requires that the SHA1 integrity checking is disabled (not default setting). 2) The ViewState functionality does not properly protect against certain replay attacks. This can e.g. be exploited to reuse "__VIEWSTATE" data on a different view being produced by the same script with a similar control layout. SOLUTION: Enable SHA1 integrity checking and use extra security precautions to ensure that input is properly validated. PROVIDED AND/OR DISCOVERED BY: Michal Zalewski ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------