ID
VAR-E-200412-0151
CVE
| cve_id: | CVE-2004-2761 | Trust: 1.9 |
EDB ID
24807
TITLE
MD5 - Message Digest Algorithm Hash Collision - Multiple dos Exploit
Trust: 0.6
DESCRIPTION
MD5 - Message Digest Algorithm Hash Collision. CVE-2004-2761CVE-45127 . dos exploit for Multiple platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | md5 | model: | - | scope: | - | version: | - | Trust: 1.0 |
| vendor: | yamaha | model: | srt100 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | yamaha | model: | rtx3000 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | yamaha | model: | rtx2000 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | yamaha | model: | rtx1500 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | yamaha | model: | rtx1100 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | yamaha | model: | rtx1000 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | yamaha | model: | rtv700 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | yamaha | model: | rt300i | scope: | - | version: | - | Trust: 0.3 |
| vendor: | yamaha | model: | rt107e | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | yamaha | model: | rt105 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | yamaha | model: | rt104 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux sparc | scope: | eq | version: | 8.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux powerpc | scope: | eq | version: | 8.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lpia | scope: | eq | version: | 8.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux i386 | scope: | eq | version: | 8.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux amd64 | scope: | eq | version: | 8.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lts sparc | scope: | eq | version: | 8.04 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lts powerpc | scope: | eq | version: | 8.04 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lts lpia | scope: | eq | version: | 8.04 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lts i386 | scope: | eq | version: | 8.04 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lts amd64 | scope: | eq | version: | 8.04 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux sparc | scope: | eq | version: | 7.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux powerpc | scope: | eq | version: | 7.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lpia | scope: | eq | version: | 7.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux i386 | scope: | eq | version: | 7.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux amd64 | scope: | eq | version: | 7.10 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lts sparc | scope: | eq | version: | 6.06 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lts powerpc | scope: | eq | version: | 6.06 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lts i386 | scope: | eq | version: | 6.06 | Trust: 0.3 |
| vendor: | ubuntu | model: | linux lts amd64 | scope: | eq | version: | 6.06 | Trust: 0.3 |
| vendor: | redhat | model: | certificate server | scope: | eq | version: | 7.3 | Trust: 0.3 |
| vendor: | oracle | model: | trace file analyzer | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | mozilla | model: | network security services | scope: | eq | version: | 3.11.3 | Trust: 0.3 |
| vendor: | mozilla | model: | network security services | scope: | eq | version: | 3.12 | Trust: 0.3 |
| vendor: | mozilla | model: | network security services | scope: | eq | version: | 3.11 | Trust: 0.3 |
| vendor: | ietf | model: | rfc algorithms and identifiers for the inter | scope: | eq | version: | 3279:0 | Trust: 0.3 |
| vendor: | hp | model: | vsr (comware | scope: | eq | version: | 7)0 | Trust: 0.3 |
| vendor: | hp | model: | u200s and cs (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | u200a and m (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | smb1920 (comware r1106 | scope: | eq | version: | 5) | Trust: 0.3 |
| vendor: | hp | model: | smb1910 (comware r1108 | scope: | eq | version: | 5) | Trust: 0.3 |
| vendor: | hp | model: | smb (comware r1105 | scope: | eq | version: | 16205) | Trust: 0.3 |
| vendor: | hp | model: | secblade fw (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | msr4000 (comware | scope: | eq | version: | 7)0 | Trust: 0.3 |
| vendor: | hp | model: | msr3000 (comware | scope: | eq | version: | 7)0 | Trust: 0.3 |
| vendor: | hp | model: | msr2000 (comware | scope: | eq | version: | 7)0 | Trust: 0.3 |
| vendor: | hp | model: | msr20-1x (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | msr20 (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | msr1000 (comware | scope: | eq | version: | 7)0 | Trust: 0.3 |
| vendor: | hp | model: | msr1000 (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | msr (comware | scope: | eq | version: | 9xx5)0 | Trust: 0.3 |
| vendor: | hp | model: | msr (comware | scope: | eq | version: | 93x5)0 | Trust: 0.3 |
| vendor: | hp | model: | msr 50-g2 (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | msr (comware | scope: | eq | version: | 30-1x5)0 | Trust: 0.3 |
| vendor: | hp | model: | msr (comware | scope: | eq | version: | 30-165)0 | Trust: 0.3 |
| vendor: | hp | model: | msr (comware | scope: | eq | version: | 305)0 | Trust: 0.3 |
| vendor: | hp | model: | moonshot | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jg768aae hp pcm+ to imc std upg w/ 200-node e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jg767aae hp imc smcnct wsm vrtl applnc sw e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jg766aae hp imc smcnct vrtl applnc sw e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jg748aae hp imc ent sw plat w/ nodes e-ltu | scope: | eq | version: | 500 | Trust: 0.3 |
| vendor: | hp | model: | jg747aae hp imc std sw plat w/ nodes e-ltu | scope: | eq | version: | 500 | Trust: 0.3 |
| vendor: | hp | model: | jg660aae hp imc smart connect w/wlm vae e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jg590aae hp imc bsc wlan mgr sw pltfm ap e-ltu | scope: | eq | version: | 500 | Trust: 0.3 |
| vendor: | hp | model: | jg550aae hp pmm to imc bsc wlm upgr w/150ap e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jg549aae hp pcm+ to imc std upgr w/200-node e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jg548aae hp pcm+ to imc bsc upgr w/50-node e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jg546aae hp imc basic sw platform w/50-node e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jf378aae hp imc ent s/w pltfrm w/200-node e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jf378a hp imc ent s/w platform w/200-node lic | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jf377aae hp imc std s/w pltfrm w/100-node e-ltu | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jf377a hp imc std s/w platform w/100-node lic | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jf289aae hp enterprise management system to intelligent manageme | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jf288aae hp network director to intelligent management center | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jd816a hp a-imc standard edition software dvd media | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jd815a hp imc std platform w/100-node license | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jd814a hp a-imc enterprise edition software dvd media | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jd808a hp imc ent platform w/100-node license | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jd126a hp imc ent s/w platform w/100-node | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | jd125a hp imc std s/w platform w/100-node | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | hsr6800 (comware | scope: | eq | version: | 7)0 | Trust: 0.3 |
| vendor: | hp | model: | hsr6800 (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | hsr6602 (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | hp870 (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | hp850 (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | hp830 (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | f5000-c/s (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | f1000-e (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | f1000-a-ei (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | 9500e (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware r2122 | scope: | eq | version: | 79007) | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 75007)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 75005)0 | Trust: 0.3 |
| vendor: | hp | model: | rse ru r3303p18 | scope: | eq | version: | 66005 | Trust: 0.3 |
| vendor: | hp | model: | 6127xlg | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | 6125xlg | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 59507)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 59407)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 59307)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 59207)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 59007)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 58305)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 58005)0 | Trust: 0.3 |
| vendor: | hp | model: | 5500si (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | hi (comware | scope: | eq | version: | 55005)0 | Trust: 0.3 |
| vendor: | hp | model: | ei (comware | scope: | eq | version: | 55005)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware r3108p03 | scope: | eq | version: | 51307) | Trust: 0.3 |
| vendor: | hp | model: | si (comware | scope: | eq | version: | 51205)0 | Trust: 0.3 |
| vendor: | hp | model: | ei (comware | scope: | eq | version: | 51205)0 | Trust: 0.3 |
| vendor: | hp | model: | 4800g (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | 4500g (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | 4210g (comware | scope: | eq | version: | 5)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 125007)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 125005)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 105007)0 | Trust: 0.3 |
| vendor: | hp | model: | (comware | scope: | eq | version: | 105005)0 | Trust: 0.3 |
| vendor: | f5 | model: | arx | scope: | eq | version: | 6.4 | Trust: 0.3 |
| vendor: | f5 | model: | arx | scope: | eq | version: | 6.3 | Trust: 0.3 |
| vendor: | f5 | model: | arx | scope: | eq | version: | 6.2 | Trust: 0.3 |
| vendor: | f5 | model: | arx | scope: | eq | version: | 6.1.1 | Trust: 0.3 |
| vendor: | f5 | model: | arx | scope: | eq | version: | 6.1 | Trust: 0.3 |
| vendor: | f5 | model: | arx | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | cisco | model: | ios ca | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | oracle | model: | trace file analyzer | scope: | ne | version: | 12.1.2.8.4 | Trust: 0.3 |
| vendor: | mozilla | model: | network security services | scope: | ne | version: | 3.12.2 | Trust: 0.3 |
| vendor: | ronald | model: | l. rivest md5 algorithm | scope: | - | version: | - | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/11849/info
The MD5 algorithm is reported prone to a hash collision weakness. This weakness reportedly allows attackers to create multiple, differing input sources that, when the MD5 algorithm is used, result in the same output fingerprint.
It has been demonstrated that attackers can create multiple input sources to MD5 that result in the same output fingerprint. Reportedly, at this time, attackers cannot generate arbitrary collisions. At this time, it is also reported that only a very limited number of individual bits in an input message may be altered while maintaining an identical output fingerprint.
This weakness may allow attackers to create two messages, or executable binaries such that their MD5 fingerprints are identical. One of these messages or binaries would be innocent, and the other malicious. The innocent message or binary may be digitally signed, and then later would have the malicious file substituted into its place. This attack may allow malicious code to be executed, or non-repudiation properties of messages to be broken.
At this time, preimage attacks are not reportedly possible.
It is recommended that cryptosystems that utilize the MD5 algorithm should be reviewed, and the measures should be taken to protect against this weakness. Other hashing algorithms may possibly be utilized in replacement to, or in conjunction with MD5 to decrease the likelihood of a successful attack.
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/24807.tar.gz
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Message Digest Algorithm Hash Collision
Trust: 1.0
CREDITS
Dan Kaminsky
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2004-2761 | Trust: 1.9 |
| db: | EXPLOIT-DB | id: | 24807 | Trust: 1.9 |
| db: | BID | id: | 11849 | Trust: 1.9 |
| db: | EDBNET | id: | 46885 | Trust: 0.6 |
| db: | CERT/CC | id: | VU#836068 | Trust: 0.3 |
| db: | BID | id: | 33065 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2004-2761 | Trust: 1.6 |
| url: | https://www.securityfocus.com/bid/11849/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/24807/ | Trust: 0.6 |
| url: | http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx | Trust: 0.3 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=17341 | Trust: 0.3 |
| url: | http://www.phreedom.org/research/rogue-ca/ | Trust: 0.3 |
| url: | http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | Trust: 0.3 |
| url: | http://www.microsoft.com/technet/security/advisory/961509.mspx | Trust: 0.3 |
| url: | http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/ | Trust: 0.3 |
| url: | http://tools.ietf.org/html/rfc3279 | Trust: 0.3 |
| url: | http://www.trustcenter.de/media/tc_response_to_md5_vulnerability_paper.pdf | Trust: 0.3 |
| url: | http://www.win.tue.nl/hashclash/rogue-ca/ | Trust: 0.3 |
| url: | http://www.mozilla.org/projects/security/pki/nss/ | Trust: 0.3 |
| url: | http://www.kb.cert.org/vuls/id/836068 | Trust: 0.3 |
| url: | https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05336888 | Trust: 0.3 |
| url: | http://www.rtpro.yamaha.co.jp/rt/faq/security/vu836068.html | Trust: 0.3 |
| url: | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15578.html?ref=rss | Trust: 0.3 |
| url: | http://www.entrust.net/knowledge-base/technote.cfm?tn=7690 | Trust: 0.3 |
| url: | https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php | Trust: 0.3 |
| url: | http://www.cisco.com/en/us/products/products_security_response09186a0080a5d24a.html | Trust: 0.3 |
| url: | https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05289935 | Trust: 0.3 |
| url: | http://www.cryptography.com/cnews/hash.html | Trust: 0.3 |
| url: | http://www.doxpara.com/md5_someday.pdf | Trust: 0.3 |
| url: | http://www.cs.ucsd.edu/users/bsy/dobbertin.ps | Trust: 0.3 |
| url: | https://www.exploit-db.com/exploits/24807 | Trust: 0.3 |
| url: | http://www.ietf.org/rfc/rfc1321.txt | Trust: 0.3 |
| url: | http://theory.lcs.mit.edu/~rivest/homepage.html | Trust: 0.3 |
| url: | http://cryptography.hyperlink.cz/2004/collisions.htm | Trust: 0.3 |
| url: | http://eprint.iacr.org/2004/199.pdf | Trust: 0.3 |
SOURCES
| db: | BID | id: | 33065 |
| db: | BID | id: | 11849 |
| db: | EXPLOIT-DB | id: | 24807 |
| db: | EDBNET | id: | 46885 |
LAST UPDATE DATE
2022-07-27T09:41:50.507000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 33065 | date: | 2017-05-02T03:05:00 |
| db: | BID | id: | 11849 | date: | 2004-12-07T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 33065 | date: | 2008-12-30T00:00:00 |
| db: | BID | id: | 11849 | date: | 2004-12-07T00:00:00 |
| db: | EXPLOIT-DB | id: | 24807 | date: | 2004-12-07T00:00:00 |
| db: | EDBNET | id: | 46885 | date: | 2004-12-07T00:00:00 |