lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Feb 2004 11:22:53 -0800
From: Steve Friedl <>
To: Rainer Gerhards <>
Cc: Tina Bird <>,
Subject: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

On Wed, Feb 11, 2004 at 10:10:32AM +0100, Rainer Gerhards wrote:
> As someone else pointed out, there is also a potential large multitude
> of third party apps which rely on the Microsoft lib. This alone is a
> good indication an update is needed.

I wrote a small dependency-checker, and on my win2000 system it showed
that 232 DLLs depended directly or indirectly on the MSASN1.DLL.  It's a
pretty wide range of programs that have this in their address space.

It's a lot harder to find which programs actually *use* it, but checking
Process Explorer shows quite a few applications that have it loaded;

	Quicken 2003
	Yahoo! IM
	Adobe Acrobat
	MusicMatch Jukebox
	Turbo Tax 2003
	JASC PaintShop Pro
	Altova XML Spy

NOTE: this does NOT mean that these applications are vulnerable to
anything (even "potentially"). But it suggests a lot of places to
look for stuff.

> But I think the bottom line of all this is if a box is listening to 135,
> 139 OR 445, it is vulnerable. And workstations by default listen to this
> ports.

kerberos is a prime suspect too: 88/tcp and 88/ucp.


Stephen J Friedl | Software Consultant | Tustin, CA |   +1 714 544-6561  | I speak for me only |   KA8CMY   |

Powered by blists - more mailing lists