| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Feb 2004 16:23:38 -0800 (PST) From: Tina Bird <tbird@...cision-guesswork.com> To: Rainer Gerhards <rgerhards@...adiscon.com> Cc: Marc Maiffret <mmaiffret@...e.com>, Joe Blatz <sd_wireless@...oo.com>, BUGTRAQ@...urityfocus.com Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption On Tue, 10 Feb 2004, Rainer Gerhards wrote: > And that the server is more likely to be attacked is just an assumption > - in the days of class A vuln sweeps and random worm scans, I don't > think that servers are at most risk. In fact, I think the unprotected > home machines are... > Yes, but... In order to trigger the ASN.1 vulnerabilities an attacker has to be able to get the target machine to invoke its BER decoding capabilities. I certainly don't know the details -- maybe someone here does? -- but it's gotta be a little difficult to send a random network packet to get a desktop machine (that is, not a domain controller or an AD server or something) and get it to invoke MSASN1. I can imagine lots of attacks that require user intervention to hit this one (like opening a hostile SSL-based web site) -- but can this be triggered without user intervention? thanks for more info -- tbird
Powered by blists - more mailing lists