회원가입메일  
   
 
> 취약성 정보
이름 Level 9, 8750 Point nesk 2010-10-11 13:23:14
제목 ASP.NET Padding Oracle Vulnerability
<P>ASP.NET Padding Oracle Vulnerability(MS10-070)</P> <P> </P> <P>ASP.NET에서 쿠키의 무결성을 위해 사용하는 AES 암호문을 복호화할때, 임의로 암호문을 수정할경우 출력되는 에러문에서 복호화과정에 관한 정보가 출력됩니다. </P> <P> 이로 인해 공격자가 원래의 암호화 키를 얻는데 충분한 정보를 얻을 수 있으며 개인정보나 신용카드번호와 같은 민감한 데이터들을 가질수 있는 암호문을 복호화 시키거나 View State나 web.config 설정파일과 같은  민감한 정보들을 얻는 등의 악용이 가능합니다.</P> <P> </P> <P>취약 버전 :<BR>-Microsoft .net_framework 4.0 <BR>-Microsoft .net_framework 3.5.1 <BR>-Microsoft .net_framework 3.5 sp1 <BR>-Microsoft .net_framework 2.0 sp2 <BR>-Microsoft .net_framework 1.1 sp1 <BR>-Microsoft .net_framework 1.0 sp3 </P> <P> </P> <P>링크 : </P> <P>netifera research : <A href="http://netifera.com/research/">http://netifera.com/research/</A></P> <P>CVE-2010-3332 : <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332</A><BR>exploit-db : <A href="http://www.exploit-db.com/exploits/15213/">http://www.exploit-db.com/exploits/15213/</A><BR>ekoparty : <A href="http://www.ekoparty.org/juliano-rizzo-2010.php">http://www.ekoparty.org/juliano-rizzo-2010.php</A><BR>ekoparty2010 pdf : <A href="http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf">http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf</A><BR>securityfocus : <A href="http://www.securityfocus.com/bid/43316">http://www.securityfocus.com/bid/43316</A><BR>Microsoft Security Bulletin (MS10-070) : <A href="http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx">http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx</A><BR>Microsoft Security Advisory (2416728) : <A href="http://www.microsoft.com/technet/security/advisory/2416728.mspx">http://www.microsoft.com/technet/security/advisory/2416728.mspx</A></P> <P>ASP.NET PaddingOracle File Download : <A href="http://www.exploit-db.com/exploits/15265/" target=_blank>http://www.exploit-db.com/exploits/15265/</A></P> <P>ASP.NET Auto-Decryptor File Download Exploit : <A href="http://www.exploit-db.com/exploits/15292/">http://www.exploit-db.com/exploits/15292/</A><BR></P> <P><SPAN style="TEXT-DECORATION: underline"></SPAN><BR></P>
목록
1017 Linux Kernel < 2.6.37-rc2..  Level 9, 8750 Point nesk 2010.12.20 38454
1016 Linux Kernel <= 2.6.37 Lo..  Level 9, 8750 Point nesk 2010.12.10 34421
1015 Local Root Privilege Esca..  Level 9, 8750 Point nesk 2010.11.26 34812
1014 Windows Task Scheduler Pr..  Level 9, 8750 Point nesk 2010.11.21 36693
1013 Internet Explorer CSS Tag.. [1]  Level 9, 8750 Point nesk 2010.11.07 17444
1012 Adobe Shockwave player rc..  Level 9, 8750 Point nesk 2010.10.22 6982
1011 Linux RDS Protocol Local ..  Level 9, 8750 Point nesk 2010.10.20 8141
1010 ASP.NET Padding Oracle Vu..  Level 9, 8750 Point nesk 2010.10.11 8524
1009 Iphone pdf 취약성 (by Autoly.. [3]  Level 14, 20240 Point hinehong 2010.08.18 8704
1008 Norton Multiple insuffici.. [27]  Level 2, 645 Point bokdong2 2007.04.02 16176
1007 SignKorea's ActiveX Buff.. [42]  Level 2, 645 Point bokdong2 2007.03.27 18317
1006 Symantec Mail Security fo.. [4]  Level 5, 3065 Point RiceBox 2007.03.02 7865
1005 McAfee VirusScan Virex 불안.. [2]  Level 4, 1440 Point avy 2007.02.28 7658
1004 Microsoft XBox 360 권한 상승 .. [3]  Level 4, 1440 Point avy 2007.02.28 7415
1003 Windows Shell User Logon .. [5]  Level 4, 1440 Point avy 2007.02.26 7712
1002 아래한글에서 심각한 보안취약점이 발견됨에 따라.. [6]  Level 2, 645 Point bokdong2 2007.02.20 11439
1001 MIMEDefang 불특정 버퍼 오버플로우 취.. [3]  Level 4, 1440 Point avy 2007.02.12 7360
1000 Sun Solaris Telnet 원격 인증 .. [8]  Level 4, 1440 Point avy 2007.02.12 8676
999 Microsoft Help Workshop C.. [6]  Level 12, 12970 Point hkpco 2007.01.18 8111
998 Internet Explorer 7 팝업 어드.. [2]  Level 5, 3065 Point RiceBox 2006.10.27 6071
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10