<< Vancouver Follow Up | Home | Thanks! >>

.NET 1.1 & 2.0 Security Hole

An interesting bug has been found in the .net framework. Basically if a null is inserted into a string and you manipulate that string through several different methods then the data after the null will be dropped.

MailMessage message = new MailMessage()
message.to = request["to"] + "@legitserver.com"

if request["to"] were to be something like i@spamvictim.com%00 the message.to property would become i@spamvictim.com instead of what you would expect as i@spamvictim.com@legitserver.com

the reason behind this is that .NET treats nulls as data where the native calls that .NET uses behind the scenes treats nulls as string terminators (many languages internally terminate strings with nulls).

More info on this can be found in the whitepaper on this here

Two patches have been released from Microsoft to address this issue:
KB928365 for .NET 2.0
KB928366 for .NET 1.1

Print | posted on Wednesday, July 11, 2007 2:44 AM

Comments

paul

im just an average user, i tried to install this update thru the automatic windows but it failed for some reason, i tried to reboot my computer several times , but i still get that yellow update thing that says its ready to install. whats going on and how do it fix it.
thanks,
paul

Posted @ 7/11/2007 8:28 AM

Dave

I am not sure Paul. I don't work for windows update so I can't help you with installation issues. Just letting people know that a fix is out.

Posted @ 7/11/2007 1:34 PM

Mark Macaulay

I don't know if KB928365 is ready for prime-time I'm finding a number of people having issues with KB928365 breaking .NET 2.0.
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1847630&SiteID=1
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1846038&SiteID=1

and a number on the Windows Update Site like this one:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?&query=KB928365&lang=en&cr=US&guid=&sloc=en-us&dg=microsoft.public.windowsupdate&p=1&tid=55b18868-35a9-433b-9ced-21618881a63c&mid=55b18868-35a9-433b-9ced-21618881a63c

Installer beware

Posted @ 7/11/2007 4:48 PM

My Links

Recent Comments

.NET 1.1 & 2.0 Security Hole