> An integer overflow exists in the
> System.DirectoryServices.Protocols.Utility class of the .NET Framework.
> Triggering this issue results in an overflown integer that is used to
> allocate a buffer on the heap that is too small, resulting in memory
> corruption. Exploiting this issues appears to be difficult.
> Consequently, Microsoft has decided to not release a security bulletin.
>
> ------------------------------------------------------------------------
> This issue affects .NET Framework version 4.5 and 4.6. Other versions
> are not affected as this issue can only be triggered using large arrays
> (> 2GB).
>
> ------------------------------------------------------------------------
> There is currently no fix available for this issue. Microsoft will not
> release a security bulletin, it may be fixed in future versions of the
> .NET Framework.
>
> [...] [we] are going to pursue this as a candidate for improvement in
> future versions, [...] On x86, the feasibility of an attack is mitigated
> by the maximum process memory and even on amd64, prevailing
> configurations preclude this from being a feasible attack.
>
> ------------------------------------------------------------------------
https://technet.microsoft.com/library/security/ms15-101
On 25-07-15 09:02, Securify B.V. wrote:
> ------------------------------------------------------------------------
> Integer overflow in .NET Framework
> System.DirectoryServices.Protocols.Utility class
> ------------------------------------------------------------------------
> Yorick Koster, May 2015
>
> ------------------------------------------------------------------------
> Abstract
> ------------------------------------------------------------------------
> An integer overflow exists in the
> System.DirectoryServices.Protocols.Utility class of the .NET Framework.
> Triggering this issue results in an overflown integer that is used to
> allocate a buffer on the heap that is too small, resulting in memory
> corruption. Exploiting this issues appears to be difficult.
> Consequently, Microsoft has decided to not release a security bulletin.
>
> ------------------------------------------------------------------------
> Affected versions
> ------------------------------------------------------------------------
> This issue affects .NET Framework version 4.5 and 4.6. Other versions
> are not affected as this issue can only be triggered using large arrays
> (> 2GB).
>
> ------------------------------------------------------------------------
> Fix
> ------------------------------------------------------------------------
> There is currently no fix available for this issue. Microsoft will not
> release a security bulletin, it may be fixed in future versions of the
> .NET Framework.
>
> [...] [we] are going to pursue this as a candidate for improvement in
> future versions, [...] On x86, the feasibility of an attack is mitigated
> by the maximum process memory and even on amd64, prevailing
> configurations preclude this from being a feasible attack.
>
> ------------------------------------------------------------------------
> Details
> ------------------------------------------------------------------------
> https://www.securify.nl/advisory/SFY20150501/integer_overflow_in__net_fr
amework_system_directoryservices_protocols_utility_class.html
>
[ reply ]