1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unchecked Buffer in ASP.NET: Jun 6

Discussion in 'Web & Email' started by eddie5659, Jun 6, 2002.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,886
    Hiya

    ASP.NET is a collection of technologies that help developers to
    build web-based applications. Web-based applications, including
    those built using ASP.NET, rely on HTTP to provide connectivity.
    One characteristic of HTTP as a protocol is that it is stateless,
    meaning that each page request from a user to a site is reckoned
    an independent request. To compensate for this, ASP.NET provides
    for session state management through a variety of modes.

    One of these modes is StateServer mode. This mode stores session
    state information in a separate, running process. That process
    can run on the same machine or a different machine from the
    ASP.NET application. There is an unchecked buffer in one of the
    routines that handles the processing of cookies in StateServer
    mode. A security vulnerability results because it is possible
    for an attacker to seek to exploit it by mounting a buffer
    overrun attack. A successful attack could cause the ASP.NET
    application to restart. As a result, all current users of
    the web-based application would see their current session
    restart and their current session information would be lost.

    The StateServer mode is not the default mode for session
    state management in ASP.NET. ASP.NET applications using
    StateServer mode that do not use cookies are not vulnerable.

    Maximum Severity Rating: Moderate

    Affected Software:

    Microsoft .NET Framework version 1.0, of which ASP.NET is a component

    Download locations for this patch :

    Microsoft .NET Framework version 1.0

    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39298

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-026.asp

    Regards

    eddie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Unchecked Buffer
  1. Dkapiate
    Replies:
    2
    Views:
    276
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/82490

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice