AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AdaCore Security Advisory
=========================

SA-2012-L119-003 Hash collisions in AWS

Problem: Impacted versions of AWS store key/value pairs from submitted
form data in hash tables using a hash function that has
predictable collisions. As a result, a single specially crafted
HTTP request can cause the server to use hours of CPU time,
thus causing a denial of service.

Impact: All AWS releases and wavefronts prior to 2012-01-21

Status: This was fixed in AWS 2.11 and 2.10.2 on 2012-01-21

References: n.runs-SA-2011.004
http://www.nruns.com/_downloads/advisory28122011.pdf

Effective Denial of Service attacks against
web application platforms :: AWS round
http://ogrod2.blogspot.com/2012/01/28c3-effective-denial-of-service.html

AWS
http://www.adacore.com/home/products/gnatpro/add-on_technologies/web_technologies
http://forge.open-do.org/projects/aws/

History: 2012-01-27 First published

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8iwlEACgkQK8Lr/hUfADYemQCdHUyHQWMRikkF2XO0n1KSINCt
NbYAoMyczgLV2Bt+aok73Cp90A8tBmEe
=XT3i
-----END PGP SIGNATURE-----



Relevant Pages

  • Re: MD5 Hash with single quote = grief in dao.findfirst
    ... won't worry about hash collisions on inserts. ... you could just as easily UCASE the hash value??? ... my checks are case insensitive on both DAO and ADO! ... > It even works on the single quote. ...
    (microsoft.public.access.modulesdaovba)
  • Re: [Full-disclosure] Flog 1.1.2 Remote Admin Password Disclosure
    ... If your password input routine allows ... For instance, if you use a 64-bit hash, and reasonable-length ... what happens is that you basically ignore the hash collisions - because ... which is likely not even enterable at the keyboard (it ends up being ...
    (Full-Disclosure)
  • Re: how much memory does increasing max rules for IPFW take up?
    ... If there are a lot of raw IP or ICMP flows then that's going to result in hash collisions. ... "Bloomier" filters are probably worth a look -- bloom filters are a class of probabilistic hash which may return a false positive, "bloomier" filters are a refinement which tries to limit the false positives. ...
    (freebsd-stable)
  • Re: HASH Algorithms
    ... We used ELFHash for a while but it produces a lot of hash collisions. ... >I've been searching for a better HASH algorithm. ... good websites to search for HASH functions so I can benchmark them? ...
    (comp.sys.tandem)