US CERT: Hash Table Collision Attack Vulnerability

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products. 

The Ruby Security Team has updated Ruby 1.8.7. The Ruby 1.9 series is not affected by this attack. Additional information can be found in the Ruby 1.8.7 patchlevel 357 release notes:

We have been releasing annual ruby versions for over a decade in this season. This is one for this year. We have fixed several bugs today. One of them is to fix CVE-2011-4815 (a more detailed situation about the issue is to follow this mail). So everyone who uses 1.8.7 should consider upgrading.

For details, please read the ChangeLog as usual.

ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p357.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p357.tar.bz2
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p357.zip

Checksums:

Microsoft has released an update for the .NET Framework to address this vulnerability and three others. Additional information can be found in Microsoft Security Bulletin MS11-100 and Microsoft Security Advisory 2659883:

Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-100 to address this issue. For more information about this issue, including download links for an available security update, please review MS11-100. The vulnerability addressed is the Collisions in HashTable May Cause DoS Vulnerability - CVE-2011-3414.

More information regarding this vulnerability can be found in n.runs Security Advisory n.runs-SA-2011.004 and US-CERT Vulnerability Note VU#903934:

Many applications, including common web framework implementations, use hash tables to map key values to associated entries. If the hash table contains entries for different keys that map to the same hash value, a hash collision occurs and additional processing is required to determine which entry is appropriate for the key. If an attacker can generate many requests containing colliding key values, an application performing the hash table lookup may enter a denial of service condition. Hash collision denial-of-service attacks were first detailed in 2003, but recent research details how these attacks apply to modern language hash table implementations.

US-CERT will provide additional information as it becomes available.
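To make the mechanism in the vulnerability note concrete, the following is an added Ruby example, not code from US-CERT, the Ruby project, Microsoft or n.runs: a toy separate-chaining hash table whose hash function can be swapped. With a predictable byte-sum hash, constructed anagram keys all land in one bucket and every lookup degrades to a linear scan; with a per-process keyed hash the chains stay short, and a per-bucket cap bounds the work an oversized request can cause. `ChainedTable`, `WEAK_HASH`, `KEYED_HASH`, `COLLIDING_KEYS` and the helper functions are all constructed for illustration.

```ruby
require 'digest'
require 'securerandom'
class CollisionFlood < StandardError; end

# Toy separate-chaining hash table with a pluggable hash function, so the
# lookup degradation the advisory describes can be observed on a small scale.
class ChainedTable
  def initialize(buckets: 64, max_chain: 1 << 30, &hash_fn)
    @buckets = Array.new(buckets) { [] }
    @max_chain = max_chain   # defensive cap on entries sharing one bucket
    @hash_fn = hash_fn
  end

  def []=(key, value)
    chain = @buckets[@hash_fn.call(key) % @buckets.size]
    entry = chain.find { |k, _| k == key }   # linear scan: cost grows with chain length
    return entry[1] = value if entry
    raise CollisionFlood, "bucket chain exceeds #{@max_chain}" if chain.size >= @max_chain
    chain << [key, value]
  end
  def longest_chain; @buckets.map(&:size).max; end
end

# Weak hash (byte sum): every anagram of a key collides. It stands in for the
# predictable hash functions the advisory describes; it is a constructed toy.
WEAK_HASH = ->(k) { k.each_byte.inject(0, :+) }
# Keyed hash: a per-process random secret is mixed in, so a remote client cannot
# predict bucket placement. This is the idea behind the vendor fixes, not their code.
SEED = SecureRandom.random_bytes(16)
KEYED_HASH = ->(k) { Digest::SHA256.digest(SEED + k).unpack('N').first }
# Constructed sample parameter names: 500 anagrams of one 7-letter name.
COLLIDING_KEYS = 'abcdefg'.chars.permutation.first(500).map(&:join)

# Insert all keys and report the longest bucket chain that results.
def longest_chain_for(keys, &hash_fn)
  t = ChainedTable.new(&hash_fn)
  keys.each { |k| t[k] = 'x' }
  t.longest_chain
end
# Number of keys accepted before the per-bucket cap rejects the request.
def accepted_before_cap(keys, max_chain, &hash_fn)
  t = ChainedTable.new(max_chain: max_chain, &hash_fn)
  keys.each_with_index do |k, i|
    begin
      t[k] = 'x'
    rescue CollisionFlood
      return i
    end
  end
  keys.size
end
```

Under the weak hash all 500 keys share one chain, while under the keyed hash they spread over the 64 buckets; the cap turns an unbounded slowdown into an early rejection of the request.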

Source: http://www.us-cert.gov/current/index.html#multiple_vendors_vulnerable_to_hash