ASP.NET Padding Oracle Vulnerability May Allow Information Disclosure

Report ID: SA201006523
Source: F-Secure
Date of Discovery: 29.09.2010
Criticality: Urgent
Affects:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2 (including with SP2 for Itanium-based Systems)
Windows Vista Service Pack 1 & Service Pack 2
Windows Vista x64 Edition Service Pack 1 & Service Pack 2
Windows Server 2008 for 32-bit Systems (including Service Pack 2)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems (including Service Pack 2)
Windows Server 2008 for Itanium-based Systems (including Service Pack 2)
Windows 7 (32-bit Systems & x64-based Systems)

Compromise From: From remote
Compromise Type: Exposure of sensitive information

Summary

A vulnerability in ASP.NET's use of encryption could allow an attacker to read sensitive information and tamper with encrypted data.

Detailed Description

ASP.NET technologies are used within the Microsoft .NET Framework to run dynamic web applications and XML web services.

The vulnerability stems from improper error handling during verification of encryption padding. If successfully exploited, the flaw causes the server to generate error responses whose content differs depending on whether the padding was valid; an attacker can read these responses and use the information to decrypt and tamper with encrypted data.

This vulnerability will not allow an attacker to execute remote code or elevate their privileges, but may be used to gather information that may lead to further system compromise.

This vulnerability affects all applications that rely on the ASP.NET platform.
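The following is an added illustration and is not part of the F-Secure advisory or Microsoft's code. It shows, in Python, the two designs the description above contrasts: a decryption routine that unpads first and reports padding failures separately from MAC failures (the leaky pattern), beside a hardened routine that authenticates the whole ciphertext with HMAC before decrypting and maps every failure to one generic error. A small HMAC-based Feistel permutation stands in for AES so the example runs on the standard library alone; the keys, the message and the `distinct_responses` check are constructed for this example.

```python
import hmac
import hashlib
import secrets

BLOCK = 16    # block size in bytes of the stand-in block cipher
TAG_LEN = 32  # HMAC-SHA256 output length

# Stand-in keyed permutation: 4-round Feistel network with an HMAC-SHA256 round
# function. It replaces AES only so that the example is self-contained; the
# padding-handling logic below is the point, not this construction.
def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    # Raises ValueError on malformed padding; how the caller reports this is
    # what separates the leaky design from the hardened one.
    if not data or len(data) % BLOCK:
        raise ValueError("bad length")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)
        prev = cur
    return out

# Leaky design: MAC-then-encrypt, decrypt first, and two distinguishable errors.
def vulnerable_seal(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    iv = secrets.token_bytes(BLOCK)
    tag = hmac.new(mac_key, msg, hashlib.sha256).digest()
    return iv + cbc_encrypt(enc_key, iv, pkcs7_pad(msg + tag))

def vulnerable_open(enc_key: bytes, mac_key: bytes, token: bytes):
    iv, ct = token[:BLOCK], token[BLOCK:]
    try:
        data = pkcs7_unpad(cbc_decrypt(enc_key, iv, ct))
    except ValueError:
        return "padding error", None   # distinct error #1, visible to the client
    msg, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, msg, hashlib.sha256).digest()):
        return "mac error", None       # distinct error #2: the padding oracle
    return "ok", msg

# Hardened design: encrypt-then-MAC, verify before decrypting, one generic error.
def hardened_seal(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    iv = secrets.token_bytes(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, pkcs7_pad(msg))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def hardened_open(enc_key: bytes, mac_key: bytes, token: bytes):
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    if len(body) < 2 * BLOCK or len(body) % BLOCK:
        return "invalid token", None
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return "invalid token", None   # nothing is decrypted for a tampered token
    try:
        return "ok", pkcs7_unpad(cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:]))
    except ValueError:
        return "invalid token", None   # same error class as a MAC failure

def distinct_responses(opener, token: bytes, index: int) -> set:
    """Test helper: corrupt one byte of a token with every non-zero mask and
    collect the set of status strings the opener reports. A safe design yields
    exactly one class; more than one means the responses leak information."""
    seen = set()
    for mask in range(1, 256):
        t = bytearray(token)
        t[index] ^= mask
        seen.add(opener(bytes(t))[0])
    return seen

def demo(msg: bytes = b"hello"):
    enc_key, mac_key = b"\x01" * 32, b"\x02" * 32   # constructed keys for the demo
    vt = vulnerable_seal(enc_key, mac_key, msg)
    ht = hardened_seal(enc_key, mac_key, msg)
    leaky = distinct_responses(lambda t: vulnerable_open(enc_key, mac_key, t),
                               vt, len(vt) - BLOCK - 1)
    safe = distinct_responses(lambda t: hardened_open(enc_key, mac_key, t),
                              ht, len(ht) - TAG_LEN - BLOCK - 1)
    return leaky, safe

if __name__ == "__main__":
    print(demo())
```

The test-style `distinct_responses` helper is the check a code reviewer or test suite would run on a token format: corrupt a byte and confirm the service answers every tampered token with the same error class. With the leaky design the set contains two classes, because the padding check runs and fails before the MAC is ever examined; with the hardened design the MAC rejects every modified token before decryption, so there is nothing for the padding check to reveal.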

Solution

Apply the relevant updates:

Microsoft .NET Framework 1.1 Service Pack 1
For: Windows Vista, Windows XP, Windows Server 2003 (64-bit) & Windows Server 2008
http://www.microsoft.com/downloads/details.aspx?familyid=a7990e61-21fd-4942-9dfe-af7961cb0282

Microsoft .NET Framework 1.1 Service Pack 1 and Windows Server 2003 Service Pack 2 (32-bit)
For: Windows Server 2003
http://www.microsoft.com/downloads/en/details.aspx?familyid=71f0daad-e2df-421c-9818-58e1e40cdb65

Microsoft .NET Framework 3.5
For: Windows XP & Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?familyid=d284237b-e4d9-460a-98f0-7a18252f5780

Microsoft .NET Framework 3.5
For: Windows Vista Service Pack 1 & Windows Server 2008
http://www.microsoft.com/downloads/en/details.aspx?familyid=7ad59265-9dca-4731-ac09-46c162c1832a
 
Microsoft .NET Framework 3.5
For: Windows XP, Windows Vista, Windows Server 2003 & Windows Server 2008
http://www.microsoft.com/downloads/en/details.aspx?familyid=00d95a85-f3e8-464d-a10c-85c6d91b4aae

Microsoft .NET Framework 3.5 Service Pack 1
For: Windows Vista Service Pack 1 & Windows Server 2008
http://www.microsoft.com/downloads/en/details.aspx?familyid=ac1c77df-34d5-48d4-9a9d-33dc017ffe93

Microsoft .NET Framework 3.5 Service Pack 1
For: Windows Vista, Windows XP, Windows Server 2003 & Windows Server 2008
http://www.microsoft.com/downloads/details.aspx?familyid=ae42d6cc-6d4e-425a-9b4f-379f66fc506a

Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2
For: Windows XP & Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?familyid=3d31fd37-eb58-4169-b6b9-4cf854524e46

Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2
For: Windows Vista & Windows Server 2008
http://www.microsoft.com/downloads/en/details.aspx?familyid=45aa5666-3454-443c-a224-2076215fef04

Security Update for Microsoft .NET Framework 4
For: Windows 7, Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008 & Windows Server 2008 R2
http://www.microsoft.com/downloads/details.aspx?familyid=6ce703b7-08a5-4eff-a062-d5dc720908f6

CVE Reference

CVE-2010-3332