[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.BSO.4.58.0402101617090.21300@rhiannon.precision-guesswork.com>
Date: Tue, 10 Feb 2004 16:23:38 -0800 (PST)
From: Tina Bird <tbird@...cision-guesswork.com>
To: Rainer Gerhards <rgerhards@...adiscon.com>
Cc: Marc Maiffret <mmaiffret@...e.com>,
Joe Blatz <sd_wireless@...oo.com>, BUGTRAQ@...urityfocus.com
Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
On Tue, 10 Feb 2004, Rainer Gerhards wrote:
> And that the server is more likely to be attacked is just an assumption
> - in the days of class A vuln sweeps and random worm scans, I don't
> think that servers are at most risk. In fact, I think the unprotected
> home machines are...
>
Yes, but...
In order to trigger the ASN.1 vulnerabilities an attacker has to be able
to get the target machine to invoke its BER decoding capabilities. I
certainly don't know the details -- maybe someone here does? -- but it's
gotta be a little difficult to send a random network packet to get a
desktop machine (that is, not a domain controller or an AD server or
something) and get it to invoke MSASN1.
I can imagine lots of attacks that require user intervention to hit this
one (like opening a hostile SSL-based web site) -- but can this be
triggered without user intervention?
thanks for more info -- tbird
Powered by blists - more mailing lists