Bugtraq mailing list archives
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Tina Bird <tbird () precision-guesswork com>
Date: Tue, 10 Feb 2004 16:23:38 -0800 (PST)
On Tue, 10 Feb 2004, Rainer Gerhards wrote:
> And that the server is more likely to be attacked is just an assumption - in the days of class A vuln sweeps and random worm scans, I don't think that servers are at most risk. In fact, I think the unprotected home machines are...
Yes, but... In order to trigger the ASN.1 vulnerabilities an attacker has to be able to get the target machine to invoke its BER decoding capabilities. I certainly don't know the details -- maybe someone here does? -- but it's gotta be a little difficult to send a random network packet to get a desktop machine (that is, not a domain controller or an AD server or something) and get it to invoke MSASN1.
I can imagine lots of attacks that require user intervention to hit this one (like opening a hostile SSL-based web site) -- but can this be triggered without user intervention?
thanks for more info -- tbird