lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.BSO.4.58.0402101617090.21300@rhiannon.precision-guesswork.com>
Date: Tue, 10 Feb 2004 16:23:38 -0800 (PST)
From: Tina Bird <tbird@...cision-guesswork.com>
To: Rainer Gerhards <rgerhards@...adiscon.com>
Cc: Marc Maiffret <mmaiffret@...e.com>,
	Joe Blatz <sd_wireless@...oo.com>, BUGTRAQ@...urityfocus.com
Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption



On Tue, 10 Feb 2004, Rainer Gerhards wrote:

> And that the server is more likely to be attacked is just an assumption
> - in the days of class A vuln sweeps and random worm scans, I don't
> think that servers are at most risk. In fact, I think the unprotected
> home machines are...
>
Yes, but...

In order to trigger the ASN.1 vulnerabilities an attacker has to be able
to get the target machine to invoke its BER decoding capabilities.  I
certainly don't know the details -- maybe someone here does? -- but it's
gotta be a little difficult to send a random network packet to get a
desktop machine (that is, not a domain controller or an AD server or
something) and get it to invoke MSASN1.

I can imagine lots of attacks that require user intervention to hit this
one (like opening a hostile SSL-based web site) -- but can this be
triggered without user intervention?

thanks for more info -- tbird


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ