New User, Welcome!     Login

Algorithmic complexity

n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

that they can be accessed by application developers.

If the language does not provide a randomized hash function or the
application server does not recognize attacks using multi-collisions, an
attacker can degenerate the hash table by sending lots of colliding
keys. The algorithmic complexity of inserting n elements into the table
then goes to O(n**2), making it possible to exhaust hours of CPU time
using a single HTTP request.

This issue has been known since at least 2003 and has influenced Perl
and CRuby 1.9 to change their hash functions to include randomization.

[ MDVSA-2009:276 ] python-django

 The Admin media handler in core/servers/basehttp.py in Django 1.0
 and 0.96 does not properly map URL requests to expected static media
 files, which allows remote attackers to conduct directory traversal
 attacks and read arbitrary files via a crafted URL (CVE-2009-2659).
 
 Algorithmic complexity vulnerability in the forms library in Django
 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause
 a denial of service (CPU consumption) via a crafted (1) EmailField
 (email address) or (2) URLField (URL) that triggers a large amount
 of backtracking in a regular expression (CVE-2009-3695).

[ MDVSA-2009:276-1 ] python-django

 The Admin media handler in core/servers/basehttp.py in Django 1.0
 and 0.96 does not properly map URL requests to expected static media
 files, which allows remote attackers to conduct directory traversal
 attacks and read arbitrary files via a crafted URL (CVE-2009-2659).
 
 Algorithmic complexity vulnerability in the forms library in Django
 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause
 a denial of service (CPU consumption) via a crafted (1) EmailField
 (email address) or (2) URLField (URL) that triggers a large amount
 of backtracking in a regular expression (CVE-2009-3695).

[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision

affected by the predictable collision condition since this version includes a
randomization of the hashing function.

The vulnerability outlined in this advisory is practically identical to the
one reported in 2003 and described in the paper Denial of Service via
Algorithmic Complexity Attacks which affected the Perl language.

The reporters own advisory can be found at
http://www.nruns.com/_downloads/advisory28122011.pdf

Affected version:


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!