NAVIGATION MAIN MENU

COMPENDIUM LIBRARY/TWITTER MONITOR
VIDEO GALLERY
Economic News
Newsbrief Archives
Democrat Leadership Twitter and Realtime Feeds
Cabinet twitter and realtime feeds
North America weblog
International weblog
Democrats twitter directory
Latest Government Jobs and Public Tenders
Jobs Matrix
Global Travel Information
Pop Entertainment Forum
Start Portal


Please make a donation to support upkeep of the daily news journal, back archives, twitter feeds and the compendium library.










Multiple Programming Language Implementations Vulnerable to

Daily newsbrief journal for December 2011, also see http://www.usdemocrats.com/brief for a global 100-page perpetual brief and follow twitter @usdemocrats


Multiple Programming Language Implementations Vulnerable to

Postby admin » Wed Dec 28, 2011 7:45 pm

Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

Original release date: December 28, 2011 at 1:04 pm
Last revised: December 28, 2011 at 1:04 pm


US-CERT is aware of reports stating that multiple programming language
implementations, including web platforms, are vulnerable to hash table
collision attacks. This vulnerability could be used by an attacker to
launch a denial-of-service attack against websites using affected
products.

The Ruby Security Team has updated Ruby 1.8.7. The Ruby 1.9 series is
not affected by this attack. Additional information can be found in
the ruby 1.8.7 patchlevel 357 release notes.

Microsoft has released a security advisory for ASP.NET containing a
workaround. Additional information can be found in Microsoft Security
Advisory 2659883.

More information regarding this vulnerability can be found in US-CERT
Vulnerability Note VU#903934 and n.runs Security Advisory
n.runs-SA-2011.004.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.ruby-forum.com/topic/3312298>

<http://www.nruns.com/_downloads/advisory28122011.pdf>

<http://technet.microsoft.com/en-us/security/advisory/2659883>

<http://www.kb.cert.org/vuls/id/903934>

====
This entry is available at
http://www.us-cert.gov/current/index.ht ... le_to_hash
admin
Site Admin
 
Posts: 82092
Joined: Fri Nov 27, 2009 7:00 am

Return to December 2011

Who is online

Users browsing this forum: No registered users and 2 guests

cron