SecurityFocus

RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 11 2004 09:10AM
Rainer Gerhards (rgerhards hq adiscon com) (2 replies)

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 13 2004 06:04AM
Thor Lancelot Simon (tls rek tjls com) (2 replies)

On Wed, Feb 11, 2004 at 10:10:32AM +0100, Rainer Gerhards wrote:
>
> As of my understanding (I haven't tried to reproduce, just theory here),
> ASN.1 is not only used for AD, but also for NTLM authentication. Even if
> that is not the case, there are several cases where ASN.1 is used. And
> "invoking BER decoding capabilities" (from the MS Advisory) may sound
> like something seldomly done... In fact, if you receive ASN.1 on the
> wire, you need to decode BER because this is the way you get hold of the
> message content. It is the same thing as "decoding the SMTP message" is

That's not actually correct. Most network protocols use the
"Distinguished Encoding Rules" (DER) not the "Basic Encoding Rules"
(BER). BER is an abomination and should never, ever have been in
the standard; the only protocol commonly used over IP that uses BER
is LDAP, because it descends from DAP, which used BER.

So you can't reasonably assume that if it uses ASN.1, it uses
BER. That's presumably why Microsoft left certain ASN.1-using
network services turned on.

Thor

[ reply ]

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 14 2004 04:46PM
Buck Huppmann (buckh pobox com)

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 13 2004 11:14PM
David Wilson (David Wilson isode com)

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Feb 12 2004 07:22PM
Steve Friedl (steve unixwiz net)