BugTraq
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 10 2004 10:16PM
Tim Eddy (eddyt stgeorge com au) (2 replies)
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 11 2004 02:19PM
Timothy J.Miller (cerebus sackheads org) (1 replies)
On Feb 10, 2004, at 4:16 PM, Tim Eddy wrote:

> Marc,
>
> If we remove the default exemptions for Kerberos & RSVP from IPSEC with
> the "NoDefaultExempt" registry key, this still passes IKE. Therefore is
> IKE vulnerable to the ASN bug?

Very likely, as IKE data is marshaled into ASN.1 format. The fun part
about ASN.1 is it's so damn useful you tend to use it *everywhere*.

Is anyone else wondering why MS didn't fix this with the last round of
ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)? It's
basically the same problem.

-- Cerebus

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 14 2004 04:14PM
Florian Weimer (fw deneb enyo de)
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 11 2004 11:59AM
Peter Pentchev (roam ringlet net)


 
