FreeBSD : Multiple implementations -- DoS via hash algorithm collision (91be81e7-3fea-11e1-afc7-2c4138874f7d)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

oCERT reports :

A variety of programming languages suffer from a denial-of-service
(DoS) condition against storage functions of key/value pairs in hash
data structures, the condition can be leveraged by exploiting
predictable collisions in the underlying hashing algorithms.

The issue finds particular exposure in web server applications and/or
frameworks. In particular, the lack of sufficient limits for the
number of parameters in POST requests in conjunction with the
predictable collision properties in the hashing functions of the
underlying languages can render web applications vulnerable to the DoS
condition. The attacker, using specially crafted HTTP requests, can
lead to a 100% of CPU usage which can last up to several hours
depending on the targeted application and server performance, the
amplification effect is considerable and requires little bandwidth and
time on the attacker side.

The condition for predictable collisions in the hashing functions has
been reported for the following language implementations : Java,
JRuby, PHP, Python, Rubinius, Ruby. In the case of the Ruby language,
the 1.9.x branch is not affected by the predictable collision
condition since this version includes a randomization of the hashing
function.

The vulnerability outlined in this advisory is practically identical
to the one reported in 2003 and described in the paper Denial of
Service via Algorithmic Complexity Attacks which affected the Perl
language.

See also :

http://www.ocert.org/advisories/ocert-2011-003.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.nessus.org/u?c4e600a6

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57552 ()

Bugtraq ID:

CVE ID: CVE-2011-4815
CVE-2011-4838
CVE-2011-5036
CVE-2011-5037

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now