[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

To: Rainer Gerhards <rgerhards@hq.adiscon.com>
Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Tina Bird <tbird@precision-guesswork.com>
Date: Tue, 10 Feb 2004 16:23:38 -0800 (PST)

On Tue, 10 Feb 2004, Rainer Gerhards wrote:

> And that the server is more likely to be attacked is just an assumption
> - in the days of class A vuln sweeps and random worm scans, I don't
> think that servers are at most risk. In fact, I think the unprotected
> home machines are...
>
Yes, but...

In order to trigger the ASN.1 vulnerabilities an attacker has to be able
to get the target machine to invoke its BER decoding capabilities.  I
certainly don't know the details -- maybe someone here does? -- but it's
gotta be a little difficult to send a random network packet to get a
desktop machine (that is, not a domain controller or an AD server or
something) and get it to invoke MSASN1.

I can imagine lots of attacks that require user intervention to hit this
one (like opening a hostile SSL-based web site) -- but can this be
triggered without user intervention?

thanks for more info -- tbird

References:
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
  - From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>

Prev by Date: Internet Explorer and Microsoft clipboard poor security policy
Next by Date: Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure!
Previous by thread: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Next by thread: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Index(es):
- Date
- Thread