-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2011-0033. Title: Multiple vulnerabilities in .NET Framework including critical Elevation of Privilege flaw Version history: 29.12.2011 Initial publication Summary ======= Microsoft has released an out-of-band security update [1] that resolves one publicly disclosed vulnerability [2] and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially craftedjavascript:SetCmd(cmdSend); web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name. See [10] for further details. CVE-2011-3414 - - CVE-2011-3415 - CVE-2011-3416 - CVE-2011-3417 Remote Yes Credibility Vendor Confirmed Ease No exploit available CVSSv2 [10] Base Score: 9.4 (AV:N/AC:L/Au:N/C:C/I:C/A:N) Technical description ============================== The following vulnerabilities have been released. More description may be found in [1]: Collisions in HashTable May Cause DoS Vulnerability - This vulnerability has been disclosed [2]; Insecure Redirect in .NET Form Authentication Vulnerability - This vulnerability has been rated as high by the vendor; ASP.Net Forms Authentication Bypass Vulnerability; ASP.NET Forms Authentication Ticket Caching Vulnerability; Vulnerable systems ================== Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows. What can you do? ================ Fix and workarounds are available [1] What to tell your users? ======================== This vulnerability impacts administrators only. More information ================ [1] http://technet.microsoft.com/en-us/security/bulletin/ms11-100 [2] http://technet.microsoft.com/en-us/security/advisory/2659883 [10] Information about CVSS: http://www.first.org/cvss/cvss-guide.html Best regards, CERT-EU CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 (DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source . Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.) -----BEGIN PGP SIGNATURE----- Version: BCPG v1.39 iQJXBAEBAgBBBQJPHSdiOhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4O3AA//UWwLDRYg spHr9PMhPt8xyQD9cuOKfSpAbfUXyMgsuloYRDOAoO63AbLU0RGpJV4wqphGUjLw ERd4wZ42u5RZen9d9Ycb9wKdcRY9chT8yzEsB6c5oNCd+DbDUkkzmpM/OG1u7eTi Fk8XUOTBzSVzS9tu6x+W6+znQnXgjZqKqzra8f9m+8B6YYyQTIDM3NyB8lv9C7g/ HEAjvZXMqMG2qfWAo/AQKgjiSpe0OW4eXPyfC5ZmU2iOvtgGZT0Xr651+wGcQqlq XypR1kDhjl6JDXrau6rVz4Kh+Q5+dHbN77AAk9u3LHMl0Q2KQGbb/NRPHmr4Ddpw 3dzjlc7HaCEWxWzxc3DxrzXwylrC43UaeSNzgiELvz8E0dpciwboLpfNb0O6UZI5 SVgJI9NjBAWrcWvqUQJldm1dW5Paj8z7mRAREEpqzsi1Hm7WS3TsbWDCZ755FQRe BEfFW4ZTzUYd22/RaeVcykCUR5oSOpQW8x93IaSDRX2F5wpz5bEge2loLDQz5t6E 43WRmYJMAPbtb+l+KIki578hTbFq1ozUzaCPq6c4LYAmiP+lb7TWvFb8RN+YAyWS aa7vLS4quv3ZQje6w2GHnIESXvV7Ho3ECidAinXPCwSOTD+Lh4vXVyrD88lkvemU 2vfKfTlCtkWYDlrj836Y7a0Zcs2Jtf/NXls= =PQwx -----END PGP SIGNATURE-----