Microsoft DotNet XML Signature HMAC Authentication Bypass Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	06/08/2010
Severity:	High
Operating Systems Affected:	Microsoft Windows 2000 Service Pack 4 Windows XP SP 2 Windows XP SP 3 Windows XP Professional x64 Edition SP 2 Windows Server 2003 SP 2 Windows Server 2003 x64 Edition SP 2 Windows Server 2003 SP2 for Itanium-based Systems Windows Vista SP 1 Windows Vista SP 2 Windows Vista x64 Edition SP 1 Windows Vista x64 Edition SP 2 Windows Server 2008 for 32-bit Systems Windows Server 2008 for 32-bit Systems SP 2 Windows Server 2008 for x64-based Systems Windows Server 2008 for x64-based Systems SP 2 Windows Server 2008 for Itanium-based Systems Windows Server 2008 for Itanium-based Systems SP 2 Windows 7 for 32-bit Systems Windows Server 2008 R2 for x64-based Systems
Identifiers:	CVE-2009-0217

Synopsis

Authentication Bypass Vulnerability exists in Microsoft DotNet Framework that could allow an attacker to alter with signed XML content without being detected.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/MS10-041.mspx

Threat Analysis

There is a vulnerability in the W3C XML Signature Syntax and Processing (XMLDsig) recommendation which could allow an attacker to tamper with signed XML without the receiver detecting the changes.

An attacker could alter signed XML which could prevent the reader of the XML data from detecting any tampering in the XML. Successful exploitation of the vulnerability could cause data tampering that can be used to bypass a cryptographic signature.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217

Write-up by: Anupam Kumar